[Openswan Users] L2TP/IPSec breaks after 1 hour, no further login possible
Paul Wouters
paul at xelerance.com
Thu Jul 10 10:12:37 EDT 2008
On Thu, 10 Jul 2008, Muenz, Michael wrote:
> I've set up a L2TP/IPSec for a couple of users and it runs
> fine for the last months. Since more and more users are using
> it they are reporting that after one hour doing nothing with
> the VPN the connection breaks and a relogin isn't possible.
>
> The system is a Debian Etch, OpenSwan 2.4.12 with xl2tp 1.1.12.

Upgrade xl2tpd to 1.2.x?

> In the logs I can see:
>
> "roadwarrior" 84.180.115.109 #113309: initiating Main Mode to replace #XXX
> pluto: ERROR: "roadwarrior-" X.X.X.X #XXX: sendto on eth0 to X.X.X.X:500
> failed in EVENT_RETRANSMIT. Errno 1: Operation not permitted

Why is your server rekeying? The clients should only rekey. Add rekey=no
to your configuration.

> How about configuring DPD for roadwarriors cleaning up dead
> connections after 2 minutes to let the clients relogin again after
> that period?

Windows does not support DPD.

Paul
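
The rekey=no advice above can be checked across a whole ipsec.conf. The following is an added example, not part of the original thread or of Openswan: it lists conns that accept a %any peer while their effective rekey setting is still the default of yes. The parsing is a simplification (column-0 section headers, indented key=value lines, conn %default and also= inheritance only), and the conn names and addresses in the sample are constructed.

```python
# Added example (not from the thread): list road-warrior conns where the server may still rekey.
SAMPLE_CONF = """\
# constructed sample, not the poster's configuration
conn %default
    keyingtries=3
conn roadwarrior
    left=%defaultroute
    right=%any
conn roadwarrior-fixed
    also=roadwarrior
    rekey=no
conn site-to-site
    left=192.0.2.1
    right=198.51.100.1
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every conn section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # section header starts at column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def effective(conns, name, seen=()):
    """Merge %default, then also= parents, then the conn's own settings."""
    params = dict(conns.get("%default", {}))
    parent = conns[name].get("also")
    if parent in conns and parent not in seen:
        params.update(effective(conns, parent, seen + (name,)))
    params.update(conns[name])
    return params

def server_rekeying_conns(text):
    """Names of conns with a %any peer whose effective rekey is not 'no'."""
    conns = parse_conns(text)
    flagged = []
    for name in (n for n in conns if n != "%default"):
        p = effective(conns, name)
        if "%any" in (p.get("left"), p.get("right")) and p.get("rekey", "yes") != "no":
            flagged.append(name)
    return flagged
```

Passing the contents of the server's own ipsec.conf to server_rekeying_conns() gives the conns that still need rekey=no.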