Re: [Users] Windows Timeout => IPSEC SA

From: Andreas Steffen (andreas.steffen_at_strongsec.net)
Date: Fri Nov 22 2002 - 18:44:03 CET


You can apply Mathieu Lafon's Notification/Delete SA Patch
available from

   http://open-source.arkoon.net/

to FreeS/WAN. W2k unfortunately deletes an IPsec SA after
about 6 minutes of inactivity but it sends a Delete Notification
before the connection goes down. With the patch installed
FreeS/WAN will delete its side of the connection, too.

If you want the connection to be up all the time, configure
a WINS server in the subnet behind the FreeS/WAN gateway
and point W2k on the roadwarrior to it. This will produce
so much verbose traffic that the connection will never go down ;-)

Andreas

bbj17_at_gmx.de wrote:
> Hi,
>
> I have a working FreeS/WAN-W2k-Implementation.
> I use FreeS/WAN 1.99 and Marcus-Mueller-Tool for W2K.
>
> Roadwarrior can establish tunnel and work, everything is fine.
> But now I have some Roadwarriors that are remotely used over my IPSec-Tunnel.
> But somehow the tunnel gets disabled by w2k because of a timeout??
> Does Windows 2K automatically disable an unused tunnel (for a few minutes)?
> Because of this, I have to wait a few minutes/hours till the tunnel is
> reestablished and I can connect to the roadwarrior again...?
> Is there a solution?
> I could use a program that pings the tunnel every 10 minutes to have it
> enabled all the time. Is there another possibility?
> Perhaps a registry setting to disable Microsoft's deleting of an unused
> tunnel.
>
> On freeswan-side I have these settings:
> keyingtries=1
> keylife=1h
> ikelifetime=240m
>
> On Windows-side:
> default-settings=> rekeying = 3600S/50000K
>
>
> Bye BC
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users

-- 
======================================================================
Andreas Steffen                 e-mail: andreas.steffen_at_strongsec.com
strongSec GmbH                  phone:  +41 76 340 25 56
Alter Zürichweg 20              home:   http://www.strongsec.com
CH-8952 Schlieren (Switzerland)
==========================================[strong internet security]==


This archive was generated by hypermail 2.1.5 : Sat Nov 23 2002 - 05:20:42 CET