[ previous ] [ next ] [ threads ]
 From:  "Bradley Van Peursem" <bradley at itelework dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] IPSEC Problem with 1.2b9
 Date:  Fri, 30 Sep 2005 14:20:20 -0700
Does this issue affect Static-IP to Static-IP connections, or just
Dynamic-IP(mobile) to Static-IP connections?

We are loosing ipsec tunnels about every week or so, rebooting both ends
doesn't help, but revisiting the ipsec connections, saving them, then
they will reestablish.

The only other "known" variable we have is that we are using an
acceleration Crypto card from Soekris in the Central unit(using 3DES, as

Any help would be appreciated.


-----Original Message-----
From: Manuel Kasper [mailto:mk at neon1 dot net] 
Sent: Wednesday, September 07, 2005 10:18 PM
To: Lohrmann Carsten
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] IPSEC Problem with 1.2b9

On 07.09.05 20:28 -0400, Lohrmann Carsten wrote:

> since i changed from mono 1.11 to 1.2b9 i have a problem with IPSEC 
> connection of mobile clients.
> After the expiration of the Phase 2 Lifetime, the VPN connection 
> breaks down. I have to disconnect and reconnect, to get the VPN 
> working again.
> With 1.11 everything worked perfectly (same settings).

Yes, I've also confirmed this yesterday when I was trying a new IPsec
client for Windows. It's a bug in racoon (it doesn't refresh the
expiration timer of the policy upon rekeying, not even in the latest
racoon version), but I've found and applied a fix for it, so it should
work with 1.2b10.

- Manuel