[Openswan Users] L2TP/IPsec: Strange problems with rekey

Michael Schwartzkopff ms at sys4.de
Mon Nov 24 09:03:23 EST 2014


We want to set up an OpenSWAN server in the data center and some Windows 
L2TP/IPsec clients in remote locations. In most cases it works, but some 
clients behave very strangely.

When the time for rekey comes, they send out an Informational Message to delete 
the current IPsec SA WITHOUT setting up a new phase 2 SA first. Of course, 
communication breaks down; the Windows client recognizes it after one minute 
and starts the complete Main Mode negotiation again.

tcpdump on the Windows machine shows that the Windows machine really does not 
send out Quick IKE packets to negotiate new Phase 2 credentials.

Together with the customer, I am trying to figure out what the differences might be 
between a working and a failing Windows installation. But perhaps somebody on 
the list has seen this behaviour before and knows the cause of the problem.

Any hints?

Kind regards,

Michael Schwartzkopff

[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
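
One way to check a capture for the pattern described in the message above, as an added example that is not part of the original post: it reads the cleartext ISAKMP header of each packet a client sends and reports Informational exchanges that no Quick Mode packet preceded. The function names, the 30-second window and the sample packets are assumptions; because the payload is encrypted after Main Mode, a reported Informational exchange may carry a Delete or another notification, so the result is a list of candidates to inspect.

```python
import struct

# ISAKMP header (RFC 2408): cookies, next payload, version, exchange, flags, msgid, length
HDR = struct.Struct("!8s8sBBBBII")
EXCHANGE = {2: "main", 4: "aggressive", 5: "informational", 32: "quick"}

def parse_isakmp(payload, port=500):
    """Return (exchange_name, message_id) for an IKEv1 packet, else None."""
    if port == 4500:  # NAT-T: IKE is prefixed by a 4-byte zero non-ESP marker
        if payload[:4] != b"\x00" * 4:
            return None  # ESP-in-UDP or a keepalive, not IKE
        payload = payload[4:]
    if len(payload) < HDR.size:
        return None
    _, _, _, version, xchg, _, msgid, _ = HDR.unpack_from(payload)
    if version != 0x10:  # major 1, minor 0
        return None
    return EXCHANGE.get(xchg, "type-%d" % xchg), msgid

def informational_without_quick(packets, window=30.0):
    """packets: (timestamp, udp_payload, dst_port) tuples sent by one client.
    Returns timestamps of Informational exchanges with no Quick Mode packet
    from that client in the preceding `window` seconds (assumed value)."""
    last_quick, flagged = None, []
    for ts, payload, port in sorted(packets, key=lambda p: p[0]):
        parsed = parse_isakmp(payload, port)
        if parsed is None:
            continue
        if parsed[0] == "quick":
            last_quick = ts
        elif parsed[0] == "informational":
            if last_quick is None or ts - last_quick > window:
                flagged.append(ts)
    return flagged

def sample(xchg, msgid, natt=False):
    """Constructed header-only packet; real ones carry an encrypted body."""
    hdr = HDR.pack(b"I" * 8, b"R" * 8, 8, 0x10, xchg, 0x01, msgid, HDR.size)
    return (b"\x00" * 4 + hdr) if natt else hdr

# Constructed traces: one client rekeys before deleting, the other does not.
GOOD = [(3300.0, sample(32, 0xA1), 500), (3300.4, sample(32, 0xA1), 500),
        (3301.0, sample(5, 0xB2), 500)]
BAD = [(3300.0, sample(5, 0xC3, natt=True), 4500)]

if __name__ == "__main__":
    print("good client:", informational_without_quick(GOOD))
    print("bad client:", informational_without_quick(BAD))
```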