[ previous ] [ next ] [ threads ]
 
 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSec Dropouts
 Date:  Thu, 29 Sep 2005 23:52:19 -0400
On 9/29/05, Matt Groener <MGroener at line6 dot com> wrote:
> We have the same issue as well. Does anyone have an ipsec config they can share that is solid?  I
wonder if our timeout values are causing this.
>


my experience is m0n0wall's IPsec components don't stand up well under
poor network conditions (frequent drops, etc.).

can't really suggest much of anything, as my connections have never
had these kind of issues since they tend to be solid (or at least more
solid than described).  Out of curiousity, what are your timeouts?

Just be glad you aren't running a Cisco router site to site VPN.  I
have the misfortune of running a network of those at work.  If a T1
hiccups for just a fraction of a second (making the serial int go down
and up), the router drops its SA's and you have to manually clear the
SA on the other end to get things to reconnect.  I've put my
m0n0wall's through much worse and didn't have to touch them.

-Chris