[Openswan Users] Fwd: VPN connection dropping off

Paul Wouters paul at xelerance.com
Fri Sep 11 12:21:24 EDT 2009

On Fri, 11 Sep 2009, Ogonna Iwunze wrote:

> I have a VPN tunnel (site-to-site) between a remote Linux box running OpenSwan and a Cisco ASA 5510 (gateway to my LAN), recently implemented.  Connectivity between both peers establishes ok and I can ping either end as well as send traffic to and fro.  However, each time there is persistent traffic through the tunnel (e.g. while rsync/copying a file or folder 5GB in size) which lasts for about 10 mins or more, the VPN connection drops out.  At this time, I can neither ping nor access my remote linux server.  The effect of this loss in connectivity is that I'm unable to remotely backup the server (using tar, rsync etc) or copy large items from the remote server.

My guess is that your Cisco rekeys when it hits 4GB of traffic, and that initiation from
the Cisco end to the Openswan end fails (though initiating from Openswan to Cisco works).

> conn MYCONX
>        type=tunnel
>        authby=secret
>        left=           # IP address of linux server
>        leftsubnet=
>        leftnexthop=%defaultroute
>        right=        # Outside interface address of Cisco ASA 5510
>        rightsubnet=
>        rightnexthop=%defaultroute
>        esp=aes128-sha1
>        keyexchange=ike
>        pfs=no
>        auto=start
>        ikelifetime=4h

One reason could be that your pfs setting is wrong. With pfs=no, openswan will still
allow pfs=yes but propose pfs=no.

As a first test, try to bring the tunnel up from the cisco end and see if that
works. If not, fix that problem and your other problem will likely go away.
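For reference, here is the poster's conn with the rekey-related settings made explicit so that both
peers are configured the same way. This is an added example, not a config from the thread or from
the Openswan project. Addresses and subnets are left blank as in the original post. It assumes the
ASA is on its default IPsec SA lifetimes (28800 seconds and 4608000 kB) and that Openswan 2.6 has no
byte-based SA lifetime, so only a time-based rekey can be matched from the Linux side; both are
assumptions to verify against your own ASA and Openswan versions.

```conf
# Added example (not from the original thread): MYCONX with lifetime and PFS
# settings made explicit on the Openswan side. Values marked "ASA default" are
# assumptions about an ASA 5510 running a stock configuration.

conn MYCONX
        type=tunnel
        authby=secret
        left=           # IP address of linux server
        leftsubnet=
        leftnexthop=%defaultroute
        right=          # Outside interface address of Cisco ASA 5510
        rightsubnet=
        rightnexthop=%defaultroute
        keyexchange=ike
        # Phase 1 proposal spelled out; modp1024 is DH group 2 on the ASA.
        ike=aes128-sha1-modp1024
        esp=aes128-sha1
        # PFS must be the same on both peers. On the ASA that is
        # "crypto map <name> <seq> set pfs group2" for pfs=yes, or no
        # "set pfs" line at all for pfs=no. With pfs=no Openswan proposes
        # no PFS as initiator but accepts it as responder, which is how a
        # mismatch ends up working in one direction only; pfs=yes makes
        # the mismatch fail loudly in the pluto log instead.
        pfs=yes
        # Phase 1 lifetime: match "lifetime 14400" under the ASA's
        # "crypto isakmp policy <n>" (ASA default is 86400).
        ikelifetime=4h
        # Phase 2 lifetime: shorter than the ASA default of 28800 s, so the
        # Openswan side (whose rekey direction is known to work) normally
        # renegotiates before the ASA does. Openswan has no byte-based
        # lifetime (assumption), so the ASA's kilobyte limit can still
        # trigger an ASA-initiated rekey on a long transfer.
        keylife=1h
        rekey=yes
        rekeymargin=9m
        rekeyfuzz=100%
        # Dead peer detection: if the ASA tears the SA down after a failed
        # rekey, restart the tunnel rather than leaving it half-up.
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart
        auto=start
```

Aligning the settings does not by itself fix a rekey that the ASA cannot complete, it only makes
the mismatch visible. To test the failing direction, clear the SA on the ASA ("clear crypto ipsec sa
peer <linux-ip>", an ASA command I would use here, not one from the thread) and watch whether the
tunnel comes back without any action on the Linux side; "ipsec auto --status" and the pluto lines
in the auth log show what Openswan saw. "show crypto ipsec sa" on the ASA reports the remaining
lifetime in both kB and seconds, which tells you whether the drops line up with the kilobyte limit
rather than the time limit.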

