Good day,

Yes, it happens regularly - it looks like it takes one hour.

I'm not using Freeswan, I'm using the KAME implementation in the 2.6 kernel, as per my original post.

I admit that I'm not the most knowledgeable person on ipsec, but I think the problem might be with my setkey policy statements, since I see dynamic policies get created upon connection that say they last one hour. I followed this howto exactly in that regard:

http://www.funknet.org/doc/tunnel/l2tp.html

... but I have a feeling that its setkey policy is incomplete. SIGH.

Thanks for your reply, though!

============================
Darren Gamble
Planner, Regional Services
Shaw Cablesystems GP
630 - 3rd Avenue SW
Calgary, Alberta, Canada
T2P 4L4
(403) 781-4948

> -----Original Message-----
> From: Cressatti, Dominique [mailto:[EMAIL PROTECTED]
> Sent: June 23, 2004 2:35 AM
> To: [EMAIL PROTECTED]
> Subject: RE: IPSEC connectivity dies after a few hours
>
> Is the disconnection happening on a regular basis (every 2 hours, etc...)
> or completely at random?
> If it is happening on a regular basis, I had the same problem
> with connections that need to stay up for several hours (site to site
> VPN setup).
> It turned out that it needed the "delete-notification" patch in
> freeswan.
>
> What's racoon? the equivalent of Freeswan?
>
> As for debugging you can enable more debugging in network.c
> =================================
> ...
>
> /*
>  * Debugging info
>  */
> int debug_tunnel = 0;
> int debug_network = 0;  /* Debug networking? */
> int packet_dump = 0;    /* Dump packets? */
> int debug_avp = 1;      /* Debug AVP negotiations? */
> int debug_state = 0;    /* Debug state machine? */
>
> int init_network (void)
> {
> ...
> =================================
>
> Dom
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Darren Gamble
> Sent: 22 June 2004 16:45
> To: '[EMAIL PROTECTED]'
> Subject: IPSEC connectivity dies after a few hours
>
> Good day,
>
> I am still having some odd problems with my Fedora Core 2 / 2.6(KAME) /
> racoon / l2tpd setup. I am not sure if this is due to racoon, l2tpd,
> or the kernel - I am hoping someone on the list might have enough
> expertise to point me in the right direction.
>
> After starting racoon and l2tpd, things work fine for a few hours or so.
> Then, suddenly, the connection stops working, and no more clients can
> connect (their connection attempts time out). If I restart racoon,
> things will start working again for another few hours.
>
> Here's what my messages file looks like for clients when this happens.
> racoon was started with -d -d -d, server is A.B.C.D, client is W.X.Y.Z :
>
> Jun 22 09:14:59 vpn1 racoon: INFO: isakmp.c:903:isakmp_ph1begin_r(): respond new phase 1 negotiation: A.B.C.D[500]<=>W.X.Y.Z[500]
> Jun 22 09:14:59 vpn1 racoon: INFO: isakmp.c:908:isakmp_ph1begin_r(): begin Identity Protection mode.
> Jun 22 09:14:59 vpn1 racoon: INFO: vendorid.c:128:check_vendorid(): received Vendor ID: MS NT5 ISAKMPOAKLEY
> Jun 22 09:14:59 vpn1 racoon: INFO: isakmp.c:2443:log_ph1established(): ISAKMP-SA established A.B.C.D[500]-W.X.Y.Z[500] spi:2d7d2347d50fdb54:a6c72f21c17feb99
> Jun 22 09:14:59 vpn1 racoon: INFO: isakmp.c:1058:isakmp_ph2begin_r(): respond new phase 2 negotiation: A.B.C.D[0]<=>W.X.Y.Z[0]
> Jun 22 09:15:00 vpn1 racoon: INFO: pfkey.c:1127:pk_recvupdate(): IPsec-SA established: ESP/Transport W.X.Y.Z->A.B.C.D spi=27239154(0x19fa2f2)
> Jun 22 09:15:00 vpn1 racoon: INFO: pfkey.c:1348:pk_recvadd(): IPsec-SA established: ESP/Transport A.B.C.D->W.X.Y.Z spi=1078787071(0x404cfbff)
> Jun 22 09:15:06 vpn1 l2tpd[10203]: call_close : Connection 1 closed to W.X.Y.Z, port 1701 (Timeout)
>
> I can see that the connection at least makes it to l2tpd. Are there
> perhaps some debugging options on l2tpd that I could enable?
>
> Any assistance would be appreciated. Thanks!
>
> ============================
> Darren Gamble
> Planner, Regional Services
> Shaw Cablesystems GP
> 630 - 3rd Avenue SW
> Calgary, Alberta, Canada
> T2P 4L4
> (403) 781-4948
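
Added example, not part of the thread or of racoon/l2tpd: a Python check that scans a messages file in the layout quoted above and reports peers whose l2tpd call timed out shortly after racoon logged a new IPsec-SA, which is the pattern in the quoted excerpt. The function name, the 30-second window, the supplied year and the sample addresses are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the syslog layout quoted above; the addresses are
# documentation placeholders and the last two entries are invented for contrast.
SAMPLE_LOG = """\
Jun 22 09:15:00 vpn1 racoon: INFO: pfkey.c:1127:pk_recvupdate(): IPsec-SA established: ESP/Transport 198.51.100.7->192.0.2.1 spi=27239154(0x19fa2f2)
Jun 22 09:15:00 vpn1 racoon: INFO: pfkey.c:1348:pk_recvadd(): IPsec-SA established: ESP/Transport 192.0.2.1->198.51.100.7 spi=1078787071(0x404cfbff)
Jun 22 09:15:06 vpn1 l2tpd[10203]: call_close : Connection 1 closed to 198.51.100.7, port 1701 (Timeout)
Jun 22 09:20:10 vpn1 racoon: INFO: pfkey.c:1127:pk_recvupdate(): IPsec-SA established: ESP/Transport 198.51.100.9->192.0.2.1 spi=1111(0x457)
Jun 22 10:31:40 vpn1 l2tpd[10203]: call_close : Connection 2 closed to 198.51.100.9, port 1701 (Timeout)
"""

STAMP = re.compile(r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) ")
SA_UP = re.compile(r"IPsec-SA established: ESP/Transport (\S+)->(\S+) spi=")
L2TP_TIMEOUT = re.compile(
    r"l2tpd\[\d+\]: call_close : Connection \d+ closed to ([^,\s]+), port \d+ \(Timeout\)")


def timeouts_after_sa(log_text, window_s=30, year=2004):
    """Return [(peer, seconds)] for L2TP timeouts within window_s of a new IPsec-SA.

    Syslog stamps carry no year, so one is supplied (assumed: 2004, the thread's date).
    """
    last_sa = {}  # address -> time the most recent IPsec-SA involving it was logged
    hits = []
    for line in log_text.splitlines():
        stamp = STAMP.match(line)
        if not stamp:
            continue  # not a syslog line in the expected layout
        when = datetime.strptime(f"{year} {stamp.group(1)}", "%Y %b %d %H:%M:%S")
        sa = SA_UP.search(line)
        if sa:
            # SAs are logged once per direction; remember both endpoints.
            last_sa[sa.group(1)] = last_sa[sa.group(2)] = when
            continue
        closed = L2TP_TIMEOUT.search(line)
        if closed and closed.group(1) in last_sa:
            delay = (when - last_sa[closed.group(1)]).total_seconds()
            if 0 <= delay <= window_s:
                hits.append((closed.group(1), int(delay)))
    return hits


if __name__ == "__main__":
    for peer, delay in timeouts_after_sa(SAMPLE_LOG):
        print(f"{peer}: L2TP timeout {delay}s after IPsec-SA established")
```

A hit means both IPsec-SAs were logged as established and the L2TP call still timed out, so the entries worth reading next are the ones after key negotiation rather than the IKE exchange itself.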
