[Openswan Users] ipsec tunnel breaks down after one hour

Paul Wouters paul at xelerance.com
Wed Oct 3 10:56:13 EDT 2007

On Wed, 3 Oct 2007, Christian Hocken wrote:

> running on Fedora Core 6 with kernel
> Several road warriors with different operating systems are connected
> to the gateway, including Windows XP SP2,
> Windows Vista and Mac OS X. All of them are using a combination of
> ipsec and l2tp.
> Initialising the connection works fine but the Vista client gets
> disconnected after one hour. It seems as if something during
> the rekey attempt goes wrong.

Correct. I've notified Microsoft of this issue. You are not the fist
to encounter this. It seems their rekeying code contains a bug where
it tries to negotiate a "new" connection for the current one.

> #4: STATE_QUICK_R2: IPsec SA established {ESP=>0x67d65cc2 <0x4d8fe6fb
> xfrm=AES_128-HMAC_SHA1 NATD= DPD=none}

> Oct  2 23:55:30 gateway pluto[7841]: "l2tp-cert-nat"[5]
> #5: responding to Quick Mode {msgid:02000000}
> Oct  2 23:55:30 gateway pluto[7841]: "l2tp-cert-nat"[5]
> #5: cannot install eroute -- it is in use for "l2tp-cert-nat"[4]
> #4


More information about the Users mailing list