[Openswan Users] Vista Rekeying solution available yet?

Wed Jun 11 11:23:29 EDT 2008

Personally i have that set and i still have the same problem with 
windows vista clients.
Windows xp clients work fine and dandy for connection of over 24 hours even.
Vista clients =~ 1 hour and then barf and i need to either reset ipsec 
connection or reboot the vista machine.
vista = lose

but unfortunately i have too many vista roadwarriors to ignore this so i 
need some help.

TIA
-James

Just in case you wanted my setup config here it is:

version 2.0

config setup
        interfaces=%defaultroute
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn roadwarrior-a-psk
        authby=secret|rsasig
        pfs=no
        left=BLAH.BLAH
        leftprotoport=17/1701
        leftrsasigkey=%cert
        right=%any
        rightprotoport=17/1701
        rightsubnet=vhost:%no,%priv
        rightrsasigkey=%cert
        auto=add
        rekey=no

conn roadwarrior-certificates-a
        authby=secret|rsasig
        leftrsasigkey=%cert
        left=BLAH.BLAH
        leftcert=/etc/BLAH
        leftprotoport=17/1701
        rightrsasigkey=%cert
        right=%any
        rightca=%same
        rightprotoport=17/1701
        rightsubnet=vhost:%no,%priv
        pfs=no
        auto=add
        rekey=no

conn block
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear-or-private
        auto=ignore

conn clear
        auto=ignore

conn packetdefault
        auto=ignore

Marco Berizzi wrote:
> Julien DELEAN wrote:
>
>   
>> erf... You're right...
>> So our problem is not related to this Bugtrack... Damned.
>>     
>
>   
>> Is this an issue about Vista rekey ? isn't it ?
>>     
>
> yes, this bug affect all M$ ipsec stack AFAIK.
> However, a possible workaround is adding rekey=no
> to your roadwarrior configuration section in
> ipsec.conf
>
>
>   