[Openswan Users] Fedora + xl2tpd + openswan with psk retransmiting key?

Panics Robert pampi at 6b0ne.hu
Thu Nov 8 15:36:35 EST 2007


-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com] 
Sent: Thursday, November 08, 2007 6:41 PM
To: Panics Robert
Cc: users at openswan.org
Subject: Re: [Openswan Users] Fedora + xl2tpd + openswan with psk
retransmiting key?

On Thu, 8 Nov 2007, Panics Robert wrote:

> I got a working config with PSK setting, but when I use the VPN connection
> longer than an hour, I got a message like that at secure.log
> Nov  8 00:38:16 devel pluto[8487]: "L2TP-PSK"[4]  #9: responding to Quick
> Mode {msgid:df83756b}

> Every hour..


> When this message shows, on the VPN client I get one or two packets lost,
> the xl2tpd connection doesn't disconnect. I think it's retransmitting the IPsec
> key or something like that..

It is rekeying. And since the remote client has to rekey (and openswan waits
for that with rekey=no), there is nothing you can do. The keylife has been
set by the Windows client. On ISA server you can fairly easily change the
keylifes, but I don't think you can easily change it on XP/Vista.

Of course, you should not be losing any packets, as with a proper rekey
you will briefly allow receiving packets on the old IPsec SA, but not use
it to send anymore, so it guarantees a smooth transition. Guess it's a bug
in Windows.

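To confirm from the server side that the hourly log entry is a periodic rekey, the spacing between successive "responding to Quick Mode" lines can be measured per connection. The script below is an added example, not part of the original thread; the function name `rekey_intervals`, the assumed year, and all sample lines except the first (which is the line quoted in the post) are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches pluto's responder-side Quick Mode line in the format quoted in the post.
QM = re.compile(
    r'^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+pluto\[\d+\]:\s+'
    r'"(?P<conn>[^"]+)"(?P<inst>\[\d+\])?\s+#\d+:\s+responding to Quick Mode'
)

def rekey_intervals(lines, year):
    """Return {connection: [seconds between successive Quick Mode responses]}.

    Syslog timestamps carry no year, so the caller supplies one (assumption);
    a log that spans New Year would need extra handling.
    """
    seen = defaultdict(list)
    for line in lines:
        m = QM.match(line)
        if not m:
            continue  # not a Quick Mode responder line
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        # Key on name plus instance, e.g. "L2TP-PSK[4]", so clients stay separate.
        seen[m["conn"] + (m["inst"] or "")].append(when)
    return {
        conn: [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        for conn, times in seen.items()
    }

# First line is the one quoted in the post; the rest are constructed samples.
SAMPLE = [
    'Nov  8 00:38:16 devel pluto[8487]: "L2TP-PSK"[4]  #9: responding to Quick Mode {msgid:df83756b}',
    'Nov  8 01:00:00 devel example[1]: constructed unrelated line',
    'Nov  8 01:38:14 devel pluto[8487]: "L2TP-PSK"[4]  #11: responding to Quick Mode {msgid:00000001}',
    'Nov  8 02:38:15 devel pluto[8487]: "L2TP-PSK"[4]  #13: responding to Quick Mode {msgid:00000002}',
]

if __name__ == "__main__":
    for conn, gaps in rekey_intervals(SAMPLE, 2007).items():
        print(conn, gaps)
```

Gaps that cluster around one value point to the client's IPsec SA lifetime driving the rekey, as the reply describes; irregular gaps would point elsewhere.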