 
 From:  "Kyle Anderson" <kyle at tcspdx dot com>
 To:  "'Chris Buechler'" <cbuechler at gmail dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] vpn problems
 Date:  Sat, 16 Apr 2005 23:17:54 -0700
>-----Original Message-----
>From: Chris Buechler [mailto:cbuechler at gmail dot com] 
>Sent: Saturday, April 16, 2005 3:18 PM
>To: Kyle Anderson
>Subject: Re: [m0n0wall] vpn problems

>>On 4/11/05, Kyle Anderson <kyle at tcspdx dot com> wrote:
>> 
>> 
>> I have set up the mobile vpn part of the Monowall and I have
>> intermittent connectivity problems (multiple times per day).  When I
>> reset the Monowall the connection is able to initialize just fine.
>> Here is what I see in my System Log:
>> 
>> racoon: INFO: pfkey.c:1466:pk_recvexpire(): IPsec-SA expired: ESP/Tunnel
>> 
>> Here are the parameters of my vpn connection:
>> Phase 1
>> 3DES-MD5
>> Lifetime=blank
>> 
>> Phase2
>> ESP
>> 3DES-MD5
>> PFS=off
>> Lifetime=blank
>> 

>You need a lifetime on both.  I'd imagine that will solve it.  That's
>why you're seeing multiple SAs.

>-Chris

I would have thought that too, however I had the same problem with using
lifetimes of 28800 in both "lifetime fields".  I also experienced the
problem with both SoftRemote (version 8.0) and a Netgear FVS318 at the
other end of the Monowall (with lifetimes).  I have just set up a
Monowall to Monowall tunnel tonight and everything looks good so far.  I
will update my status as soon as it fails (creates multiple tunnels).  I
have had it suggested that MTU clamping (packet truncation) could be the
problem, any thoughts?

Kyle Anderson