Re: [m0n0wall] IPSEC VPN requires daily restart

From:	Chris Buechler <cbuechler at gmail dot com>
To:	Matt Brown <matt at mbrown dot co dot uk>
Cc:	M0n0Wall <m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] IPSEC VPN requires daily restart
Date:	Mon, 9 May 2005 17:12:20 -0400

On 5/9/05, Matt Brown <matt at mbrown dot co dot uk> wrote:
> 
> On 9 May 2005, at 21:31, Chris Buechler wrote:
> 
> > On 5/9/05, Matt Brown <matt at mbrown dot co dot uk> wrote:
> >
> >>
> >> I am having a small problem with VPN's, I have managed to get
> >> multiple m0n0 to m0n0 VPN's running for various sites - but they seem
> >> to require a manual restart every day.
> >>
> >>
> >
> > That usually happens when you have mismatched timeouts on one or both
> > phases.  Otherwise check your SAD on both sides under Diagnostics ->
> > IPsec and see what it's showing.
> >
> 
> Do you mean the lifetime value ? if so I have both of these blank (as
> default) - should they have a value ? or will it mean they will just
> disconnect sooner/later.
> 

Yeah, that's your problem right there.  Put in something (matching on
both ends) there and it shouldn't do that.  I know somebody else had
the same problem not too long ago with leaving it blank.  It's valid
under some circumstances, but I wouldn't leave it that way for this
setup.

-Chris