On Mon, 24 Nov 2014, Michael Schwartzkopff wrote:

> We want to set up an OpenSWAN server in the data center and some Windows
> L2TP/IPsec clients in remote locations. In most of the cases it works, but some
> clients behave very strangely.
>
> When the time for rekey comes they send out an Informational Message to delete
> the current IPsec SA WITHOUT setting up a new phase 2 SA before. Of course
> communication breaks down, the Windows client recognizes it after one minute
> and starts the complete Main Mode negotiation again.
>
> tcpdump on the Windows machine shows that the Windows machine really does not
> send out Quick IKE packets to negotiate new Phase 2 credentials.
>
> Together with the customer I am trying to figure out what might be the differences
> between a working and a failing Windows installation. But perhaps somebody on
> the list has seen this behaviour before and knows the cause of the problem.
>
> Any hints?

If using username/passwords, ensure those are saved in the connection or
else it cannot rekey. Other than that, I don't know. Usually people do
not use L2TP/IPsec for long-lived IPsec connections. You could try using
the native XAUTH with libreswan using the Shrew VPN client for Windows?

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
