[ previous ] [ next ] [ threads ]
 
 From:  Vincent Fleuranceau <vincent at bikost dot com>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: IPsec auto-establishment broken
 Date:  Mon, 27 Sep 2004 12:08:17 +0200
Manuel,

I'm experiencing IPsec re-establishment troubles again, after upgrading 
both endpoints to 1.2b1 this morning.


For your information:

I've been testing Fred's pre-1.2b1 image with my two net4501 for a week 
with no problem.

I've been using the following settings:

<shellcmd>sysctl -w net.key.preferred_oldsa=-30</shellcmd>
<shellcmd>echo &gt;&gt;/tmp/pinger.sh ping -i 5 -c 24 -S '$1' 
'$2'</shellcmd>
<shellcmd>echo &gt;&gt;/tmp/pinger.sh exec ping -i 60 -S '$1' 
'$2'</shellcmd>
<shellcmd>sh /tmp/pinger.sh 192.168.5.254 192.168.1.254 &gt;/dev/null 
2&gt;/dev/null&amp;</shellcmd>

Of course, in my current setup (1.1b2) I've simply removed the 
<shellcmd> entries. Should I consider using them again in place of the 
WebGUI keepalive option?

Has the 'obey' -> 'claim' change affected my setup (like Chris 
Buechler), even if I use only m0n0wall on both sides of the tunnel?

Comments (and solutions ;-) are welcome!

-- Vincent