[Openswan Users] ipsec tunnel breaks down after one hour

Christian Hocken christian at hocken.net
Wed Oct 3 11:20:29 EDT 2007

Thanks for your fast reply.
Sounds good that it's not a consequence of misconfiguration. Exists a  
workaround solution?


Am 03.10.2007 um 16:56 schrieb Paul Wouters:

> On Wed, 3 Oct 2007, Christian Hocken wrote:
>> running on Fedora Core 6 with kernel
>> Several road warriors with different operating systems are connected
>> to the gateway, including Windows XP SP2,
>> Windows Vista and Mac OS X. All of them are using a combination of
>> ipsec and l2tp.
>> Initialising the connection works fine but the Vista client gets
>> disconnected after one hour. It seems as if something during
>> the rekey attempt goes wrong.
> Correct. I've notified Microsoft of this issue. You are not the fist
> to encounter this. It seems their rekeying code contains a bug where
> it tries to negotiate a "new" connection for the current one.
>> #4: STATE_QUICK_R2: IPsec SA established {ESP=>0x67d65cc2 <0x4d8fe6fb
>> xfrm=AES_128-HMAC_SHA1 NATD= DPD=none}
>> Oct  2 23:55:30 gateway pluto[7841]: "l2tp-cert-nat"[5]
>> #5: responding to Quick Mode {msgid:02000000}
>> Oct  2 23:55:30 gateway pluto[7841]: "l2tp-cert-nat"[5]
>> #5: cannot install eroute -- it is in use for "l2tp-cert-nat"[4]
>> #4
> Paul

More information about the Users mailing list