Hi all.
On Thu, Dec 17, 2009 at 11:01:00AM -0500, Mike Tancsa wrote:
[...]
> Another thing to try is
> sysctl -w net.key.preferred_oldsa=0
Yep, this is how most IPsec devices work and expect peers to work.
> Also, check and make sure you have dpd compiled into
> ipsectools and make sure ena
At 02:50 AM 12/15/2009, Jon Otterholm wrote:
On 2009-12-11 20.23, "Mike Tancsa" wrote:
>
>
> You might also want to turn on DPD (dead peer
> detection) in ipsectools if you don't already have
> it on both sides. Are you really using des for
> the crypto ? Also, when the session is
> negotiated,
On 2009-12-11 20.23, "Mike Tancsa" wrote:
> At 11:33 AM 12/11/2009, David DeSimone wrote:
>> Jon Otterholm wrote:
>>>
>>> If I restart racoon or wait approximately 30 min the connection is
>>> re-established.
>>
>> Since this is approximately ½ of the phase 2 lifetime, you are probably
>> run
Mike Tancsa wrote:
At 04:43 PM 12/11/2009, Jon Otterholm wrote:
> Also, what does
> sysctl net.key.preferred_oldsa
>
> show ?
It has not jammed up yet but here is output from sysctl:
net.key.preferred_oldsa: 1
Would it help setting it to 0 to force renewal of keys at reconnection?
I think it
At 04:43 PM 12/11/2009, Jon Otterholm wrote:
> Also, what does
> sysctl net.key.preferred_oldsa
>
> show ?
It has not jammed up yet but here is output from sysctl:
net.key.preferred_oldsa: 1
Would it help setting it to 0 to force renewal of keys at reconnection?
I think it should allow your e
At 11:33 AM 12/11/2009, David DeSimone wrote:
Jon Otterholm wrote:
>
> If I restart racoon or wait approximately 30 min the connection is
> re-established.
Since this is approximately ½ of the phase 2 lifetime, you are probably
running into lifetime negotiation issues, or PFS issues.
> What wo
On 11 Dec 2009 at 17:34, "David DeSimone" wrote:
Jon Otterholm wrote:
If I restart racoon or wait approximately 30 min the connection is
re-established.
Since this is approximately ½ of the phase 2 lifetime, you are probably
running into lifetime negotiation issues, or PFS issues.
What
Jon Otterholm wrote:
>
> If I restart racoon or wait approximately 30 min the connection is
> re-established.
Since this is approximately ½ of the phase 2 lifetime, you are probably
running into lifetime negotiation issues, or PFS issues.
> What would be the obvious way to debug this? Any sugge
I have a site-to-site vpn between these two:
1. FreeBSD 7.2-RELEASE-p4, racoon, ipsec-tools-0.7.3
2. Symantec VPN 100, (also known as "Nexland Pro 800")
I have intermittent connection problems between these two and I can't seem
to identify what the problem is. I realize the complexity and challe