[Openswan Users] Sonicwall tunnel keeps disconnecting
Gaiseric Vandal
gaiseric.vandal at gmail.com
Thu Mar 11 17:26:34 EST 2010
On 03/11/2010 04:55 PM, Mike A. Leonetti wrote:
> Gaiseric Vandal wrote:
>> Maybe a NAT thing?
>>
>> The following entry under config section may help
>>
>> nat_traversal=yes
>>
>>
>> Do you also have Windows VPN clients? Do they have the same problem?
>> The general issue I had with Sonicwall was DPD (dead peer detection)
>> packets that didn't go through NAT.
>>
>>
>>
>> On 03/11/2010 01:52 PM, Mike A. Leonetti wrote:
>>
>>> It seems at random times the tunnel between the machine and the
>>> Sonicwall device keeps disconnecting. I haven't been able to isolate how
>>> long it takes or why. Are there any options I may be missing?
>>>
>>> Config:
>>> conn sonicwall
>>> left=x.x.x.x
>>> leftsourceip=10.1.1.1
>>> leftsubnet=10.1.1.0/24
>>> leftid=x.x.x.x
>>> right=y.y.y.y
>>> rightsubnet=10.10.12.0/24
>>> rightid=y.y.y.y
>>> keyingtries=0
>>> pfs=no
>>> aggrmode=yes
>>> auto=start
>>> auth=esp
>>> esp=3des-sha1
>>> ike=3des-sha1
>>> authby=secret
>>> keyexchange=ike
>>>
>>> _______________________________________________
>>> Users at openswan.org
>>> http://lists.openswan.org/mailman/listinfo/users
>>> Building and Integrating Virtual Private Networks with Openswan:
>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>>
>>>
>>
> This is the rest of my config:
>
> version 2.0
>
> config setup
> nat_traversal=yes
> oe=off
> protostack=netkey
>
> I don't have any Windows users on these.
>
What model and OS for the Sonicwall? You may want to check the DPD
settings on the Sonicwall. On my system: VPN -> Advanced, Enable DPD.
I have the interval set to 30 secs. I do not have "Enable DPD detection
for idle sessions" enabled. I don't remember if the VPN server is
supposed to initiate a DPD exchange with the client or vice versa;
either way DPD doesn't go through NAT properly in one of the directions
(or it uses the wrong port). I do remember that I also had to change
the interval from 90 to 30 seconds, otherwise the client would time out.
The benefit of trying it with a Windows client is that it may help you
determine if the problem is client- or server-side. If you can
somehow assign a real public IP to a Linux VPN client, you could also
rule out client-side NAT issues that way.
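For reference, here is the poster's conn block extended with the Openswan-side DPD settings that correspond to the Sonicwall "Enable DPD, interval 30 secs" setting discussed above. This is an added illustration, not a config from either poster; the dpdtimeout value (four missed probes) and forceencaps are assumptions for a NAT'd client, not something the thread confirms is needed.

```ini
version 2.0

config setup
    nat_traversal=yes       ; required for a client behind NAT (poster already has this)
    oe=off
    protostack=netkey

conn sonicwall
    left=x.x.x.x
    leftsourceip=10.1.1.1
    leftsubnet=10.1.1.0/24
    leftid=x.x.x.x
    right=y.y.y.y
    rightsubnet=10.10.12.0/24
    rightid=y.y.y.y
    keyingtries=0
    pfs=no
    aggrmode=yes
    auto=start
    auth=esp
    esp=3des-sha1
    ike=3des-sha1
    authby=secret
    keyexchange=ike
    ; DPD: send an R_U_THERE every 30s, matching the Sonicwall interval
    dpddelay=30
    ; assumption: declare the peer dead after 120s without a reply (4 probes)
    dpdtimeout=120
    ; re-initiate the tunnel instead of leaving it down once the peer is declared dead
    dpdaction=restart
    ; assumption: force UDP encapsulation so DPD/ESP survive the NAT even if
    ; NAT is not detected during IKE; remove if the client has a public IP
    forceencaps=yes
```

Check the result with `ipsec auto --status` after a restart: a healthy tunnel shows the DPD timers on the ISAKMP SA, and a peer that stops answering will be logged as dead and the conn re-initiated rather than silently dropping traffic.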