[Openswan Users] windows client cannot rekey

Paul Wouters paul at xelerance.com
Thu Jun 24 12:42:42 EDT 2010


On Thu, 24 Jun 2010, Marc Fisher wrote:


You should let the client rekey and have rekey=no on the server side.

Paul

> Hmm, feels like I'm talking to myself but it seems I was able to solve
> the rekey problem.
> Or to be more specific, Paul solved it in 2.6.27 with the
> ALLOW_MICROSOFT_BAD_PROPOSAL patch for NAT (I think).
>
> Changing "rekey" to "yes" now works; before 2.6.27 it got stuck on the
> "bad proposal".
> With rekey=yes I simply get
> "Allowing questionable proposal anyway [ALLOW_MICROSOFT_BAD_PROPOSAL]"
> and the connection survives the rekey process.
>
> The rekey now seems to take place every 45 minutes instead of 60, but as
> long as it works, that shouldn't be a problem. Connections seem to be
> replaced correctly so the kernel shouldn't crash now ;)
> log here: http://ioudas.net/openswanworks.txt
>
> The question is: Is this how it's supposed to work? Is there someone who
> is able to let an XP client rekey and not get the connection dropped?
>
> Marc

