[Openswan Users] Tunnel goes down for no reason
Paul Wouters
paul at xelerance.com
Sat Sep 8 11:28:25 EDT 2007

On Sat, 8 Sep 2007, Roland Plüss wrote:

> > If you are doing NAT-Traversal, your NAT router might be timing out the
> > port mapping.
> >
> No, this should not be the case. I have the following setup:
>
> company/home ( both the same ):
> - ADSL router set to forward all connections to the server ( hence a 1:1
> mapping sort of )

That is NAT, and your NAT router will keep and expire state.

> - Gentoo server with OpenSwan with iptables set to not masquerade the
> VPN traffic

If they have public IPs, right; if they have private IPs, there is NAT
state.

> > You have to first figure out why it is going down. Are both sides openswan?
> > If both ends support DPD, you can enable that.
> >
> What is DPD in OpenSwan?

Dead Peer Detection, see dpdaction=,dpdaction=,dpdtimeout.

Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155