[Openswan Users] L2TP/IPSec breaks after 1 hour, no further login possible
Muenz, Michael
m.muenz at spam-fetish.org
Thu Jul 10 04:13:45 EDT 2008
Hi,
I've set up an L2TP/IPSec VPN for a couple of users and it has run
fine for the last months. Since more and more users are using
it, they are reporting that after one hour of doing nothing with
the VPN the connection breaks and a relogin isn't possible.
The system is a Debian Etch, OpenSwan 2.4.12 with xl2tp 1.1.12.
In the logs I can see:
"roadwarrior" 84.180.115.109 #113309: initiating Main Mode to replace #XXX
pluto: ERROR: "roadwarrior-" X.X.X.X #XXX: sendto on eth0 to X.X.X.X:500 failed in EVENT_RETRANSMIT. Errno 1: Operation not permitted
iptables temporarily permits anything, SELinux runs only permissive.
My first thought is that the client logs in to the VPN, does nothing,
after one hour the VPN server wants to rekey, sends a packet out,
and the router in front of the client drops the packet because no
connection is known.
I'm wondering if there are no keepalives sent from the client?
Will I have to tweak the Windows roadwarriors to send keepalives?
How about configuring DPD for roadwarriors cleaning up dead
connections after 2 minutes to let the clients relogin again after
that period?
Thanks
Michael
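
An added example, not part of the original post: a small Python log correlator that pairs each gateway-initiated "initiating Main Mode to replace" message with later sendto failures on the same replacement state number, so an administrator can see which peers hit the pattern quoted above. The regular expressions are modelled on the two log lines in the post; the syslog prefix, the optional "[n]" instance suffix, the addresses and the state numbers in the sample are constructed assumptions.

```python
import re

# Shapes follow the two pluto messages quoted in the post; "[n]" is an
# optional connection-instance suffix (assumption).
REKEY = re.compile(
    r'"(?P<conn>[^"]+)"(?:\[\d+\])? (?P<peer>\S+) #(?P<new>\d+): '
    r'initiating Main Mode to replace #(?P<old>\d+)')
SEND_FAIL = re.compile(
    r'ERROR: "[^"]+"(?:\[\d+\])? \S+ #(?P<state>\d+): sendto on \S+ to '
    r'(?P<dst>\S+) failed in (?P<event>\w+)\. Errno (?P<errno>\d+)')

def failed_rekeys(lines):
    """Map peer -> details for gateway-initiated rekeys whose sends failed."""
    pending = {}  # replacement state number -> (conn, peer, replaced state)
    report = {}
    for line in lines:
        m = REKEY.search(line)
        if m:
            pending[m["new"]] = (m["conn"], m["peer"], m["old"])
            continue
        m = SEND_FAIL.search(line)
        # Correlate on the state number, not the connection name, because
        # the name may be sanitised differently in the two messages.
        if m and m["state"] in pending:
            conn, peer, old = pending[m["state"]]
            entry = report.setdefault(peer, {
                "conn": conn, "replaces": old, "state": m["state"],
                "errno": int(m["errno"]), "event": m["event"], "failures": 0})
            entry["failures"] += 1
    return report

# Constructed sample log (documentation addresses, made-up state numbers).
SAMPLE_LOG = """\
Jul 10 09:00:01 gw pluto[2101]: "roadwarrior"[3] 192.0.2.10 #120: initiating Main Mode to replace #101
Jul 10 09:00:11 gw pluto[2101]: ERROR: "roadwarrior"[3] 192.0.2.10 #120: sendto on eth0 to 192.0.2.10:500 failed in EVENT_RETRANSMIT. Errno 1: Operation not permitted
Jul 10 09:00:31 gw pluto[2101]: ERROR: "roadwarrior"[3] 192.0.2.10 #120: sendto on eth0 to 192.0.2.10:500 failed in EVENT_RETRANSMIT. Errno 1: Operation not permitted
Jul 10 09:05:00 gw pluto[2101]: "roadwarrior"[4] 198.51.100.7 #121: initiating Main Mode to replace #102
Jul 10 09:05:01 gw pluto[2101]: "roadwarrior"[4] 198.51.100.7 #121: ISAKMP SA established
""".splitlines()

if __name__ == "__main__":
    for peer, info in failed_rekeys(SAMPLE_LOG).items():
        print(peer, info)
```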