>From: Chris Buechler [mailto:cbuechler at gmail dot com]
>Sent: Saturday, April 16, 2005 3:18 PM
>To: Kyle Anderson
>Subject: Re: [m0n0wall] vpn problems
>>On 4/11/05, Kyle Anderson <kyle at tcspdx dot com> wrote:
>> I have set up the mobile vpn part of the Monowall and I have
>> intermittent connectivity problems (multiple times per day). When I
>> reset the Monowall the connection is able to initialize just fine.
>> is what I see in my System Log:
>> racoon: INFO: pfkey.c:1466:pk_recvexpire(): IPsec-SA expired:
>> Here are the parameters of my vpn connection:
>> Phase 1
>You need a lifetime on both. I'd imagine that will solve it. That's
>why you're seeing multiple SA's.
I would have thought that too, however I had the same problem with using
lifetimes of 28800 in both "lifetime fields". I also experienced the
problem with both SoftRemote (version 8.0) and a Netgear FVS318 at the
other end of the Monowall (with lifetimes). I have just setup a
Monowall to Monowall tunnel tonight and everything looks good so far. I
will update my status as soon as it fails (creates multiple tunnels). I
have had it suggested that MTU clamping (packet truncation) could be the
problem, any thoughts?