On 02/10/2016 10:10 PM, John Cenile wrote:
I do notice a lot of these errors in the secure log though, would this be
any indication of a problem? (I'm grepping for this specific error, they're
not the only messages in there).
Feb 11 14:18:10 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delet
As I said though, there's no lost ICMP packets, even when the IPSec tunnel
drops out.
I do notice a lot of these errors in the secure log though, would this be
any indication of a problem? (I'm grepping for this specific error, they're
not the only messages in there).
Feb 11 14:18:10 site-a pluto
Well. Centos 5 is really near of it's end of life. There is not much
updates to kernel or openswan. You should at least try latest openswan
version.
Your issue looks like a bit network problem.
--
Eero
2016-02-10 8:34 GMT+02:00 John Cenile :
> So lowering the keylife / ikelifetime didn't solve
So lowering the keylife / ikelifetime didn't solve the problem. I've
enabled debugging and I'll see what it says.
Unfortunately we can't (easily) upgrade CentOS, do you believe that would
make a huge difference though? Are the newer versions of OpenSwan *that *much
more reliable?
On 10 February 2
Centos 5 is also a bit old os. Is it possible to use newer version? (like
centos 7 or centos 6?)
Eero
2016-02-09 19:52 GMT+02:00 Gordon Messmer :
> On 02/09/2016 07:04 AM, John Cenile wrote:
>
>> does anyone have any suggestions on what the problem might be?
>>
>
> Not off the top of my head, bu
On 02/09/2016 07:04 AM, John Cenile wrote:
does anyone have any suggestions on what the problem might be?
Not off the top of my head, but if I were you, I'd enable debugging of
"control" and "dpd". See man ipsec.conf (/plutodebug) and man ipsec_pluto.
Try setting lower keyexpiry time on other endpoint.
--
Eero
2016-02-09 17:04 GMT+02:00 John Cenile :
> Hello,
>
> I'm cross posting this from the OpenSwan mailing list, in case someone here
> can help.
>
> We have two sites connected via OpenSwan 2.6.32-9 on CentOS 5, sharing 6
> /24 subnets eac
Thanks, I've updated the config with the following:
keylife=20m
ikelifetime=2h
I'll see how that goes.
In the mean time, any other suggestions would be greatly appreciated.
On 10 February 2016 at 02:14, Eero Volotinen wrote:
> Try setting lower keyexpiry time on other endpoint
8 matches
Mail list logo
