It should also be noted that we were shipping an "invalid" racoon recently with NAT-T enabled in racoon but not in the kernel. Somehow along the way NATT was changed to "enabled" and our BATCH port building system picked this up.
Basically what I am trying to say is make sure all endpoints are on the same version. Preferably 1.2-BETA-1.

Scott

On 7/2/07, Chris Buechler <[EMAIL PROTECTED]> wrote:

Anil garg wrote:
> Guys this is a problem in 1.01 release and not sure if it is fixed in
> 1.2 beta.

A lot has changed between 1.0 and 1.2, so it's hard to say if 1.0 had some IPsec issues, but 99% of IPsec issues reported are user error, including seemingly all the "tunnels drop all the time" stuff that constantly comes up. That's what happens when you screw up lifetimes, have some non-pfsense/m0n0wall box on the other side that's buggy, or have any number of other settings mismatched. It's possible you have things configured completely correctly, and racoon has some sort of issue with that device for whatever reason, but I've yet to see anybody actually prove that's the case.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
