Chris Buechler wrote:
>On Wed, 13 Oct 2004 07:36:08 -0400, Christopher M. Iarocci
><iarocci at eastendsc dot com> wrote:
>>Not sure if this has been mentioned, but here goes just in case.
>>I have m0n0 connected to a Cisco router and 2 Netopia routers via
>>IPSec. Since the last beta release I've been having the problem of the
>>VPN getting disconnected (for whatever reason, could be timeout, could
>>be internet issues), and then never reconnecting unless I reboot the
>>m0n0wall, or go into the VPN settings and click "Save". It then quickly
>>reconnects without issue, until it disconnects again. With version 1.1
>>and even the previous beta to 1.2b1 I did not have this problem.
>>Nothing has been changed on the other ends for a LONG time. Just
>>thought I'd mention this. Can supply logs if you want, although they
>>don't say much because m0n0 seems to think it's still connected and
>>never even tries to reconnect.
>Check your SA's under Diagnostics -> IPsec. I'm curious if you're
>getting duplicates like I was with the new IPsec prefer newer patch.
>Are they all doing this, or just one/some of them?
>The latest beta seems to be pickier about mismatched settings. I have
>a VPN to a Cisco PIX that was fine for 5 months and immediately
>started dropping left and right after upgrading to 1.2b1. Changing a
>mismatched timeout fixed it, though some issues still remain. (it
>stays up though, it's not a problem, just something I need to figure
>The thread "1.2b1 IPsec SA issues" on this page has some good info
>from Fred Wright.
Thanks for the info. I do not have any duplicate SA's, and yes, it does
happen to all tunnels, not just the one to the Cisco. I will check the
timeouts today for mismatches and see if that helps.