[Openswan Users] L2TP/IPSec breaks after 1 hour, no further login possible
Paul Wouters
paul at xelerance.com
Thu Jul 10 13:08:24 EDT 2008
On Thu, 10 Jul 2008, Muenz, Michael wrote:
> > Upgrade xl2tpd to 1.2.x ?
>
> Oh, website states latest release is 1.1.12. Is 1.2.X stable enough?
Yes. I will update the website.
> > Windows does not support DPD.
>
> Ok, so does OpenSwan drop packets from clients with isakmp-nat-keep-alive? In
> my tcpdump on the server I always see:
>
> "IP client.1052 > server.4500: isakmp-nat-keep-alive"
That's not DPD, but NAT-T keepalives. That's completely different. DPD is
dead peer detection on the IPsec level, while NAT-T keepalives are meant
to keep the NAT connection 'active' so the NAT router does not expire its
port mapping.
Paul
More information about the Users
mailing list