[Openswan Users] L2TP/IPSec breaks after 1 hour, no further login possible

Paul Wouters paul at xelerance.com
Thu Jul 10 10:12:37 EDT 2008

On Thu, 10 Jul 2008, Muenz, Michael wrote:

> I've set up a L2TP/IPSec for a couple of users and it runs
> fine for the last months. Since more and more users are using
> it they are reporting that after one hour doing nothing with
> the VPN the connection breaks and a relogin isn't possible.
> The system is a Debian Etch, OpenSwan 2.4.12 with xl2tp 1.1.12.

Upgrade xl2tpd to 1.2.x ?

> In the logs I can see:
> "roadwarrior" #113309: initiating Main Mode to replace #XXX
> pluto: ERROR: "roadwarrior-" X.X.X.X #XXX: sendto on eth0 to X.X.X.X:500 
> failed in EVENT_RETRANSMIT. Errno 1: Operation not permitted

Why is your server rekeying? The clients should only rekey. Add rekey=no
to your configuration.

> How about configuring DPD for roadwarriors cleaning up dead
> connections after 2 minutes to let the clients relogin again after
> that period?

Windows does not support DPD.


More information about the Users mailing list