[Openswan Users] L2TP/IPSec breaks after 1 hour, no further login possible

Paul Wouters paul at xelerance.com
Thu Jul 10 13:08:24 EDT 2008

On Thu, 10 Jul 2008, Muenz, Michael wrote:

> > Upgrade xl2tpd to 1.2.x ?
> Oh, website states latest release is 1.1.12. Is 1.2.X stable enough?

Yes. I will update the website.

> > Windows does not support DPD.
> Ok, so does OpenSwan drop packets from clients with isakmp-nat-keep-alive? In
> my tcpdump on the server I always see:
> "IP client.1052 > server.4500: isakmp-nat-keep-alive"

That's not DPD, but NAT-T keepalives. That's completely different. DPD is
dead peer detection on the IPsec level, while NAT-T keepalives are meant
to keep the NAT connection 'active' so the NAT router does not expire its
port mapping.


More information about the Users mailing list