[Openswan Users] SPI - bogus implementation
Steve Zeng
SteveZ at airg.com
Thu May 27 18:51:26 EDT 2010
>Two connections are racing each other, and you are continiously rekeying, which is causing your packet loss.
Make sense. Is there any way I could just enable one connection?
Steve
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: May 27, 2010 11:52 AM
To: Steve Zeng
Cc: Users at openswan.org
Subject: RE: [Openswan Users] SPI - bogus implementation
On Thu, 27 May 2010, Steve Zeng wrote:
> I put rekey=no in my end(openswan). I got the same errors. If I put auto=add as well, the tunnel is not up automatically.
The instance behind NAT cannot initiate, hence the auto=add and not auto=start. If both are
behind NAT with a portforward, then you deserve all the problems you are having, and rekeying
likely stays a problem for you.
Paul
More information about the Users
mailing list