[Openswan Users] ipsec tunnel breaks down after one hour

Paul Wouters paul at xelerance.com
Wed Oct 3 10:56:13 EDT 2007


On Wed, 3 Oct 2007, Christian Hocken wrote:

> running on Fedora Core 6 with kernel 2.6.22.7-57.fc6.
> Several road warriors with different operating systems are connected
> to the gateway, including Windows XP SP2,
> Windows Vista and Mac OS X. All of them are using a combination of
> ipsec and l2tp.
> Initialising the connection works fine but the Vista client gets
> disconnected after one hour. It seems as if something during
> the rekey attempt goes wrong.

Correct. I've notified Microsoft of this issue. You are not the first
to encounter this. It seems their rekeying code contains a bug where
it tries to negotiate a "new" connection for the current one.

> #4: STATE_QUICK_R2: IPsec SA established {ESP=>0x67d65cc2 <0x4d8fe6fb
> xfrm=AES_128-HMAC_SHA1 NATD=80.130.250.50:4500 DPD=none}

> Oct  2 23:55:30 gateway pluto[7841]: "l2tp-cert-nat"[5] 80.130.250.50
> #5: responding to Quick Mode {msgid:02000000}
> Oct  2 23:55:30 gateway pluto[7841]: "l2tp-cert-nat"[5] 80.130.250.50
> #5: cannot install eroute -- it is in use for "l2tp-cert-nat"[4]
> 80.130.250.50 #4

Paul
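
A log check for the failure discussed in this message, as an added example that is not part of the original post or of Openswan: it scans pluto log lines for the eroute conflict and reports those where the same peer and connection name reappear under a new instance number. The function name is hypothetical, the first two sample lines are unwrapped from the excerpt quoted above, and the third is constructed.

```python
import re

# pluto's eroute-conflict message, in the format quoted in the post.
EROUTE_CONFLICT = re.compile(
    r'"(?P<conn>[^"]+)"\[(?P<inst>\d+)\] (?P<peer>\S+) #(?P<sa>\d+): '
    r'cannot install eroute -- it is in use for '
    r'"(?P<old_conn>[^"]+)"\[(?P<old_inst>\d+)\] (?P<old_peer>\S+) #(?P<old_sa>\d+)'
)


def find_rekey_conflicts(lines):
    """Return one record per eroute conflict in which the same peer and
    connection name collide under a different instance number."""
    hits = []
    for line in lines:
        m = EROUTE_CONFLICT.search(line)
        if not m:
            continue
        g = m.groupdict()
        same_client = g["peer"] == g["old_peer"] and g["conn"] == g["old_conn"]
        if same_client and g["inst"] != g["old_inst"]:
            hits.append({
                "conn": g["conn"],
                "peer": g["peer"],
                "new_instance": int(g["inst"]),
                "old_instance": int(g["old_inst"]),
                "new_sa": int(g["sa"]),
                "old_sa": int(g["old_sa"]),
            })
    return hits


SAMPLE_LOG = [
    # Unwrapped from the log excerpt quoted in the message.
    'Oct  2 23:55:30 gateway pluto[7841]: "l2tp-cert-nat"[5] 80.130.250.50 '
    '#5: responding to Quick Mode {msgid:02000000}',
    'Oct  2 23:55:30 gateway pluto[7841]: "l2tp-cert-nat"[5] 80.130.250.50 '
    '#5: cannot install eroute -- it is in use for "l2tp-cert-nat"[4] '
    '80.130.250.50 #4',
    # Constructed: a conflict between two different peers, which is not
    # the same-client pattern and is therefore not reported.
    'Oct  2 23:58:01 gateway pluto[7841]: "l2tp-cert-nat"[7] 192.0.2.10 '
    '#9: cannot install eroute -- it is in use for "l2tp-cert-nat"[6] '
    '192.0.2.20 #8',
]

if __name__ == "__main__":
    for hit in find_rekey_conflicts(SAMPLE_LOG):
        print(hit)
```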

