 From:  "Christopher M. Iarocci" <iarocci at eastendsc dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall mailing list <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] VPN broken in current beta
 Date:  Thu, 14 Oct 2004 07:24:48 -0400
Chris Buechler wrote:

>On Wed, 13 Oct 2004 07:36:08 -0400, Christopher M. Iarocci
><iarocci at eastendsc dot com> wrote:
>
>>Not sure if this has been mentioned, but here goes just in case.
>>
>>I have m0n0 connected to a Cisco router and 2 Netopia routers via
>>IPSec.  Since the last beta release I've been having the problem of the
>>VPN getting disconnected (for whatever reason, could be timeout, could
>>be internet issues), and then never reconnecting unless I reboot the
>>m0n0wall, or go into the VPN settings and click "Save".  It then quickly
>>reconnects without issue, until it disconnects again.  With version 1.1
>>and even the previous beta to 1.2b1 I did not have this problem.
>>Nothing has been changed on the other ends for a LONG time.  Just
>>thought I'd mention this.  Can supply logs if you want, although they
>>don't say much because m0n0 seems to think it's still connected and
>>never even tries to reconnect.
>>
>
>Check your SA's under Diagnostics -> IPsec.  I'm curious if you're
>getting duplicates like I was with the new IPsec prefer newer patch. 
>Are they all doing this, or just one/some of them?
>
>The latest beta seems to be pickier about mismatched settings.  I have
>a VPN to a Cisco PIX that was fine for 5 months and immediately
>started dropping left and right after upgrading to 1.2b1.  Changing a
>mismatched timeout fixed it, though some issues still remain.  (it
>stays up though, it's not a problem, just something I need to figure
>out)
>
>The thread "1.2b1 IPsec SA issues" on this page has some good info
>from Fred Wright. 
>http://m0n0.ch/wall/list-dev/?action=show_threads&actionargs[]=200409#%2Farchive%2F4%2F20
>
>-Chris
>
Chris,

Thanks for the info.  I do not have any duplicate SA's, and yes, it does 
happen to all tunnels, not just the one to the Cisco.  I will check the 
timeouts today for mismatches and see if that helps.

Chris