According to http://doc.m0n0.ch/handbook/ipsec-tunnels.html it says that it
recommends using 28880 for phase 1?
Lifetime: This field is far more important than it appears. This lifetime,
as opposed to the one in phase 2, is how long your end will wait for phase 1
to be completed. I suggest using 28800 in this field.
Lifetime: This is the lifetime the negotiated keys will be valid for. Do not
set this to too high of a number. E.g. more than about a day (86400) as
doing so will give people more time to crack your key. Don't be over
paranoid either; there is no need to set this to 20 minutes or something
like that. Honestly, one day is probably good.
I'm willing to try anything so I will try what you've said, although I think
Phase 1 should complete rather quickly, so waiting 28880 seconds seems like
enough for me?
From: Bjoern Euler [mailto:lists at edain dot de]
Sent: Wednesday, 20 December 2006 8:21 PM
To: m0n0wall at lists dot m0n0 dot ch
Cc: jai at innaloo dot net
Subject: Re: [m0n0wall] Random lack of Dataflow over IPSEC VPN
On 20.12.2006 12:09 Jai Ketteridge wrote:
> It's possible that it's doing that - On the WAN home tab in the modem it
> that the Firewall and NAT is enabled. I may try disabling them but if I do
> that and it doesn't work I'm screwed because the modem is 5000km from me and
> if I cannot remote in I'm in big trouble!!!
In that case I would not change any of the settings on the Dlink. We
don't want to make it worse and it was only a suggestion from my side.
No changes before there is some more information.
> Here is the IPSEC from SINGAPORE
What caught my attention when looking at your configuration are the
lifetime settings for Phase 1 and 2. I strongly suggest setting the phase
1 lifetime to a higher value than the phase 2 lifetime!
I have had good experiences with
Phase 1 lifetime 86400
Phase 2 lifetime 3600
Try changing to these values before doing anything else.