[Openswan Users] windows client cannot rekey

Marc Fisher m4fisher at gmail.com
Thu Jun 24 04:19:52 EDT 2010

Hmm, feels like I'm talking to myself but it seems I was able to solve 
the rekey problem.
Or to be more specific, Paul solved it in 2.6.27 with the 
ALLOW_MICROSOFT_BAD_PROPOSAL patch for nat (I think)

Changing "rekey" to "yes" now works, before 2.6.27 it got stuck on the 
"bad proposal"
With rekey=yes I simply get
"Allowing questionable proposal anyway [ALLOW_MICROSOFT_BAD_PROPOSAL]"
and the connection survives the rekey process.

The rekey now seems to take place every 45 minutes instead of 60, but as 
long as it works, that shouldn't be a problem. Connections seem to be 
replaced correctly so the kernel shouldn't crash now ;)
log here: http://ioudas.net/openswanworks.txt

The question is: Is this how it's supposed to work? Is there someone who 
is able to let XP client rekey and not get the connection dropped?


More information about the Users mailing list