[Openswan Users] ipsec tunnel breaks down after one hour

Christian Hocken christian at hocken.net
Wed Oct 3 11:20:29 EDT 2007


Thanks for your fast reply.
Sounds good that it's not a consequence of misconfiguration. Exists a  
workaround solution?

Christian

Am 03.10.2007 um 16:56 schrieb Paul Wouters:

> On Wed, 3 Oct 2007, Christian Hocken wrote:
>
>> running on Fedora Core 6 with kernel 2.6.22.7-57.fc6.
>> Several road warriors with different operating systems are connected
>> to the gateway, including Windows XP SP2,
>> Windows Vista and Mac OS X. All of them are using a combination of
>> ipsec and l2tp.
>> Initialising the connection works fine but the Vista client gets
>> disconnected after one hour. It seems as if something during
>> the rekey attempt goes wrong.
>
> Correct. I've notified Microsoft of this issue. You are not the fist
> to encounter this. It seems their rekeying code contains a bug where
> it tries to negotiate a "new" connection for the current one.
>
>> #4: STATE_QUICK_R2: IPsec SA established {ESP=>0x67d65cc2 <0x4d8fe6fb
>> xfrm=AES_128-HMAC_SHA1 NATD=80.130.250.50:4500 DPD=none}
>
>> Oct  2 23:55:30 gateway pluto[7841]: "l2tp-cert-nat"[5] 80.130.250.50
>> #5: responding to Quick Mode {msgid:02000000}
>> Oct  2 23:55:30 gateway pluto[7841]: "l2tp-cert-nat"[5] 80.130.250.50
>> #5: cannot install eroute -- it is in use for "l2tp-cert-nat"[4]
>> 80.130.250.50 #4
>
> Paul



More information about the Users mailing list