Darren Gamble wrote:
Good day,

Yes, it happens regularly - it looks like it takes one hour.

I'm not using Freeswan, I'm using the KAME implementation in the 2.6 kernel,
as per my original post.

I admit that I'm not the most knowledgeable person on ipsec, but, I think
the problem might be with my setkey policy statements, since I see dynamic
policies get created upon connection that say they last one hour.  I
followed this howto exactly in that regard:

http://www.funknet.org/doc/tunnel/l2tp.html

... but I have a feeling that its setkey policy is incomplete. SIGH.

Yeah, you could be right there - but it does come up the first time, if I understand you right. The setkey script I used was the minimum I needed to get things to come up - racoon fills in the rest.


I guess what's happening is that the client wants to rekey after an hour, but that fails, so the connection eventually drops. If the policies are being created with a lifetime of 3600 seconds (presumably based on what the client suggests) then maybe altering the:

lifetime time 28800 sec;

to match in racoon.conf will help.

I must admit that I don't currently use the config that's on the funknet.org page (I needed NAT-T before it was available in 2.6 so I'm using openswan 1 on 2.4...). I'd welcome any feedback on that page, which I'm sure is now out of date.

On the other hand, I'm told that 2.6 now supports NAT-T, so I really must give it another go.

Chris.
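
The lifetime comparison suggested in the reply above, as an added example that is not part of the original thread: it compares the `lifetime time` statements in a racoon.conf against the policy lifetimes in a `setkey -DP` dump. The sample config and SPD text are constructed, the function names are hypothetical, and the `lifetime: N(s)` line layout is an assumption about setkey's output.

```python
import re

UNIT_SECONDS = {"sec": 1, "min": 60, "hour": 3600}

# Constructed samples (not from the thread); the setkey -DP layout is an assumption.
SAMPLE_CONF = """
remote anonymous {
    lifetime time 8 hour;
    proposal { dh_group 2; }
}
sainfo anonymous {
    lifetime time 28800 sec;   # value quoted in the thread
}
"""
SAMPLE_SPD = """
192.0.2.10[any] 192.0.2.1[1701] udp
\tin ipsec
\tesp/transport//require
\tlifetime: 3600(s) validtime: 0(s)
"""

def racoon_lifetimes(conf_text):
    """Return [(section, seconds)] for each 'lifetime time N unit;' statement."""
    found, depth, section = [], 0, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        top = re.match(r"(remote|sainfo)\b", line)
        if depth == 0 and top:
            section = top.group(1)
        m = re.search(r"\blifetime\s+time\s+(\d+)\s*(sec|min|hour)", line)
        if m and section:
            found.append((section, int(m.group(1)) * UNIT_SECONDS[m.group(2)]))
        depth += line.count("{") - line.count("}")
    return found

def policy_lifetimes(spd_text):
    """Return lifetimes in seconds from 'lifetime: N(s)' lines of an SPD dump."""
    return [int(n) for n in re.findall(r"\blifetime:\s*(\d+)\(s\)", spd_text)]

def lifetime_mismatches(conf_text, spd_text):
    """Return (section, configured, policy) where the two lifetimes differ."""
    return [(sec, conf, pol) for sec, conf in racoon_lifetimes(conf_text)
            for pol in policy_lifetimes(spd_text) if conf != pol]

if __name__ == "__main__":
    for sec, conf, pol in lifetime_mismatches(SAMPLE_CONF, SAMPLE_SPD):
        print(f"{sec}: racoon.conf lifetime {conf}s, policy lifetime {pol}s")
```

An empty result means every configured lifetime equals every policy lifetime found in the dump.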



