 From:  "Josh Simoneau" <jsimoneau at lmtcs dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] vpn tunnel dropping
 Date:  Thu, 16 Jun 2005 08:45:25 -0400

Cameron,

It does depend on what algorithm you are using and how critical security
is for your network (would someone be using a supercomputer to find your
key?) but you can likely increase the time even more.

Although the m0n0wall documentation and several posts here have stated
that phase 1 should be shorter than phase 2, my research indicates the
opposite. I don't think it's a bad idea to have phase 1 last a little
longer, which might make your tunnel stay up for more time.

Regards,
Josh Simoneau

-----Original Message-----
From: Cameron Showalter [mailto:cameron at gwschool dot com] 
Sent: Wednesday, June 15, 2005 5:28 PM
To: Cameron Showalter
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] vpn tunnel dropping

I think I answered my own question. Changing the lifetime to 4000
seconds seems to have fixed it for now.

Cameron Showalter wrote:

> Lifetime is set at 400 seconds for both phase1 and 2, on both ends.
> Should it be set to longer? All other connections are identical, and
> do not drop - at least I'm not seeing them drop.
>
> thanks,
> cameron
>
>
> Josh Simoneau wrote:
>
>> What are you using for phase 1 and phase 2 times on either side? Are 
>> they the same on both ends?
>>
>> Regards,
>> Josh Simoneau
>>
>>
>> -----Original Message-----
>> From: Cameron Showalter [mailto:cameron at gwschool dot com]
>> Sent: Wednesday, June 15, 2005 2:50 PM
>> To: m0n0wall at lists dot m0n0 dot ch
>> Subject: [m0n0wall] vpn tunnel dropping
>>
>> Hello,
>> I have 8 tunnels working, with data flowing very nicely, except for
>> this one tunnel that I continue having issues with. It happens to
>> be my only tunnel that required an extra static route to properly
>> connect. The live IP for that endpoint is a DSL modem, then behind the
>> DSL modem is my Symantec FW/VPN appliance model 100. The Symantec
>> box has a WAN IP of 192.168.254.2. So on my end I have a static
>> route set in m0n0 as:
>> LAN     192.168.254.0/24     66.60.133.##
>>
>>
>> which works mostly, but every five minutes I receive emails from
>> 'node-runner', my NMS, stating that the connection is down. Once I
>> ping the private IP 99% of the time, it comes back. I've had them
>> power cycle the Symantec box twice because I couldn't even ping the
>> 66.60.133.xx IP.
>> I've resorted to a crontab entry that sends out 10 pings on the remote
>> side to a local IP every five minutes and that seems to help, but not
>> completely resolve the problem.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch