From: Andreas Steffen (andreas.steffen_at_strongsec.net)
Date: Wed Jul 31 2002 - 15:01:16 CEST
How does the rekeying history of the owner of IPsec SA #122 look like?
Did FreeS/WAN try to renew the IPSec SA when #122 was about to expire?
Had the user already logged off by that time? Usually FreeS/WAN
tries to renew the IPsec SA a certain number of times depending
on the keyingtries parameter and when all these trials fail the
connection is unrouted. Using Mathieu Lafon's delete notification
patch a delete notification sent e.g. by SSH Sentinel when it is
properly shut down is heeded by FreeS/WAN and leads to an
automatic unrouting as soon as the remote client goes down.
Regards
Andreas
Norbert Wegener wrote:
> Andreas Steffen wrote:
>
>>It seems that an old connection #122 did not get unrouted so that
>>the new one could not be routed because the eroute was still
>>established. Was it both times the same user logging in with IP
>>193.101.100.149 and what time interval elapsed between IPsec SA #122
>>and IPsec SA #712?
>
> No, it was not the same user. The logs show, that #122 had been
> established the evening before:
>
> Jul 29 20:39:46 lnxe Pluto[16164]: "rest" 193.101.100.149 #122: IPsec SA
> established
>
> Norbert
======================================================================
Andreas Steffen e-mail: andreas.steffen_at_strongsec.com
strongSec GmbH phone: +41 76 340 25 56
Alter Zürichweg 20 home: http://www.strongsec.com
CH-8952 Schlieren (Switzerland)
==========================================[strong internet security]==
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.4 : Mon Aug 05 2002 - 21:01:34 CEST