[Users] Firebox & FreeSWAN

From: freeswan-user (arise_at_compass.com.ph)
Date: Sat Aug 17 2002 - 11:31:12 CEST


hi,

i have successfully established a tunnel between a firebox & freeswan with
the ff: settings for the firebox:

firebox:

        - key negotiation type -> isakmp
        - shared key

        phase 1
        - authentication -> md5-hmac
        - encryption -> 3des-cbc
        - diffie hellman group -> 2
        - pfs -> no
        - negotiation timeout -> 24h

        phase 2
        - type -> esp
        - authentication -> md5-hmac
        - encryption -> 3des-cbc
        - force key encryption is unchecked

but i noticed that every time the keying channel expires (on the freeswan
side), i need to restart pluto to bring the tunnel up again.

there are also instances of superseded connections which are being
initiated by the firebox. when this occurs, restarting freeswan doesn't
make sense. i can't initiate a connection from the firebox since it is
beyond my control and the firebox administrator does not have any idea either.

is there something i am missing here?

any help is already appreciated.

regards,

Ron

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users


