[Openswan Users] Fedora + xl2tpd + openswan with psk retransmiting key?
Panics Robert
pampi at 6b0ne.hu
Thu Nov 8 15:36:35 EST 2007
Thanks!
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Thursday, November 08, 2007 6:41 PM
To: Panics Robert
Cc: users at openswan.org
Subject: Re: [Openswan Users] Fedora + xl2tpd + openswan with psk
retransmiting key?
On Thu, 8 Nov 2007, Panics Robert wrote:
> I got a working config with PSK setting, but when I use the VPN connection
> longer than an hour, I got a message like that at secure.log
>
> Nov 8 00:38:16 devel pluto[8487]: "L2TP-PSK"[4] #9: responding to Quick
> Mode {msgid:df83756b}
> Every hour..
Yes.
> When this message shows, on the VPN client I got one or two packets lost, but
> the xl2tpd connection didn't disconnect. I think it's retransmitting the IPsec
> key or something like that..
It is rekeying. And since the remote client has to rekey (and openswan waits
for that with rekey=no), there is nothing you can do. The keylife has been
set by the Windows client. On ISA server you can fairly easily change the
keylifes, but I don't think you can easily change it on XP/Vista.
Of course, you should not be losing any packets, as with a proper rekey
you will briefly allow receiving packets on the old IPsec SA, but not use
it to send anymore, so it guarantees a smooth transition. Guess it's a bug
in Windows.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
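
The hourly rekey described in this thread can be confirmed from the log itself. The following is an added example, not part of the original messages and not Openswan code: it parses pluto "responding to Quick Mode" lines in the format quoted above and reports the seconds between successive rekeys per connection instance. Only the first sample line comes from the thread; the other lines, the function names, the 30-second tolerance and the assumption that all lines fall in one year are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the pluto line format quoted in the thread (syslog prefix has no year).
QUICK_MODE = re.compile(
    r'^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+pluto\[\d+\]:\s+'
    r'"(?P<conn>[^"]+)"(?:\[(?P<inst>\d+)\])?\s+#\d+:\s+'
    r'responding to Quick Mode\s+\{msgid:[0-9a-f]+\}'
)

# Line 1 is the line from the thread; the rest are constructed sample data.
SAMPLE = [
    'Nov 8 00:38:16 devel pluto[8487]: "L2TP-PSK"[4] #9: responding to Quick Mode {msgid:df83756b}',
    'Nov 8 00:40:02 devel xl2tpd[8501]: constructed unrelated line',
    'Nov 8 01:38:14 devel pluto[8487]: "L2TP-PSK"[4] #10: responding to Quick Mode {msgid:1a2b3c4d}',
    'Nov 8 02:38:15 devel pluto[8487]: "L2TP-PSK"[4] #11: responding to Quick Mode {msgid:9f8e7d6c}',
]

def rekey_intervals(lines, year=2007):
    """Return {(conn, instance): [seconds between successive Quick Mode responses]}."""
    seen = defaultdict(list)
    for line in lines:
        m = QUICK_MODE.match(line)
        if not m:
            continue  # not a Quick Mode responder line
        ts_text = " ".join(m.group("ts").split())  # collapse syslog's padded day
        stamp = datetime.strptime(f"{year} {ts_text}", "%Y %b %d %H:%M:%S")
        seen[(m.group("conn"), m.group("inst"))].append(stamp)
    result = {}
    for key, stamps in seen.items():
        stamps.sort()
        result[key] = [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
    return result

def looks_periodic(intervals, expected=3600, tolerance=30):
    """True when every gap is within `tolerance` seconds of the expected lifetime."""
    return bool(intervals) and all(abs(i - expected) <= tolerance for i in intervals)

if __name__ == "__main__":
    for (conn, inst), gaps in rekey_intervals(SAMPLE).items():
        print(conn, inst, gaps, "periodic" if looks_periodic(gaps) else "irregular")
```

Gaps that sit close to one fixed value match a peer-driven SA lifetime, as described in the reply; irregular gaps point to something other than a scheduled rekey.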