On Tue, 31 Jul 2007, Bjoern A. Zeeb wrote:
On Tue, 31 Jul 2007, Antony Mawer wrote:
Hi,
On 31/07/2007 10:52 AM, Isaac Kohen wrote:
I'm running 6.2-REL. My kernel is compiled with IPSEC, IPSEC_ESP, and
IPSEC_DEBUG. I've installed ipsec-tools 0.6.7.
I've had an OpenBSD ipsec/vpn gateway for several years that recently died
as a result of hardware failure. I moved my configuration from isakmpd to
racoon and can connect successfully to all the Linksys vpn "routers" that I
could connect to before. Problem is that after a few hours the connection
drops and doesn't come back up until I do setkey -F and setkey -FP and
restart racoon. My OpenBSD/isakmpd setup worked very well so I'm guessing
it's not those cheap Linksys boxes.
I thought it was racoon at first, so I installed and ran isakmpd on FreeBSD
using my isakmpd.conf from the OpenBSD box that I knew worked, but the same
problem persisted.
Another "me too" -- we have been running an IPSEC link between a FreeBSD
6.2-RELEASE gateway and a Billion 7404VGO VPN router. The VPN link itself
operates fine, but frequently the connection drops and we have to go
through a song-and-dance of restarting racoon, the VPN router, etc., trying
to get it back up and running.
I haven't got around to tracking down the exact sequence necessary to bring
it back up and running, but eventually after restarting everything we
manage to get things operating again (until the next time).
I will try and find some more details when I get the opportunity...
The situation might change if you do a:
sysctl net.key.preferred_oldsa=0
My colleague just told me that I wrote =0.
Most of the cheap appliances for some reason seem to require =1 which,
of course, leads to trouble if one side reboots, for example.
--
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
Software is harder than hardware so better get it right the first time.