[ previous ] [ next ] [ threads ]
 
 From:  "=?ISO-8859-1?Q?G=FCnther=20Starnberger?=" <Guenther dot Starnberger at cs dot or dot at>
 To:  <middelink at polyware dot nl>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Antw: Re: [m0n0wall] Using IPsec behind two NATing modems
 Date:  Tue, 29 Jun 2004 17:19:25 +0200 
Hi,

> Yes, you can. The only problem I have found with such setup is that
> the session table inside the modems tends to time-out before the
> VPN rekeys. This means on low traffic links (like at night?) the
> VPN becomes very unrealiable if not kept alive.

Ok, thanks - my IPsec tunnel works now, but I'm experiencing the
problem you described (if the link is idle for some time I can't get any
packets through).

> Hint, another reason to have keep alive in VPN links active!!

hmm.. is there an option somewhere in m0n0wall for this which I have
overlooked? does setting the lifetime of phase 2 to a low value help?

cu
/gst