Re: [Users] tunnel to Contivity dying

From: Sam Sgro (sam_at_freeswan.org)
Date: Wed Nov 27 2002 - 07:32:14 CET


On Tue, 26 Nov 2002, Avinash Shenoy wrote:

> I'm using FreeS/WAN 1.97 on RH 7.3 (rpms from http://rpms.steamballoon.com)
> and have set up a tunnel to a Nortel Contivity box. The tunnel comes up
> and works fine for a duration of about the period specified by the "keylife"
> parameter in /etc/ipsec.conf (I've set keylife=8h). After this period the
> tunnel seems to die out.

BTW, keylife refers to the IPSec SA renegotiation, which does appear to
succeed from the log excerpt.

> The ipsec0 interface is still visible, but no packets are seen passing through
> the tunnel.

The ipsec interface will always be available, regardless of the state of the
tunnel.

Aside from the frantic Delete SA payloads, the logs look fine.

If, despite the working SAs as indicated below, you never see ESP packets
on eth0 after the new IPSec SA has been negotiated, then focus your attention
on the FreeS/WAN machine. Post the output of the "ipsec barf" command, ideally
to a website.

This is a critical point; if you *do* see ESP packets, but no response, the
problem will likely lie with the Contivity, and you'd be best to investigate
its logs.

--
Sam Sgro
sam_at_freeswan.org


This archive was generated by hypermail 2.1.5 : Thu Nov 28 2002 - 05:20:52 CET
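
The ESP check described in the message above, as an added example that is not part of the original post: it reads `tcpdump -n` text for the external interface and reports in which directions ESP was seen. The function names and the 192.0.2.10 / 198.51.100.20 addresses are constructed for illustration, and the third verdict (ESP in both directions) goes beyond the two cases the message covers.

```shell
#!/bin/sh
# Added example (not from the original thread).
# classify_esp LOCAL_IP
#   Reads `tcpdump -n` text lines on stdin and prints one verdict:
#     no-outbound-esp  no ESP leaves LOCAL_IP: look at the FreeS/WAN machine
#                      (collect "ipsec barf" output)
#     outbound-only    ESP leaves but nothing returns: look at the peer's logs
#     esp-both-ways    ESP seen in both directions on the wire
classify_esp() {
    awk -v me="$1" '
        / ESP\(/ {
            # Line layout: <time> IP <src> > <dst>: ESP(spi=...,seq=...), length N
            src = $3
            dst = $5
            sub(/:$/, "", dst)
            if (src == me)      out++
            else if (dst == me) inb++
        }
        END {
            if (!out)      print "no-outbound-esp"
            else if (!inb) print "outbound-only"
            else           print "esp-both-ways"
        }'
}

# Constructed sample capture: IKE traffic plus ESP leaving the local gateway
# (192.0.2.10) with no ESP coming back from the peer (198.51.100.20).
sample_capture() {
    cat <<'EOF'
07:32:10.100000 IP 192.0.2.10.500 > 198.51.100.20.500: isakmp: phase 2/others ? oakley-quick[E]
07:32:14.200000 IP 192.0.2.10 > 198.51.100.20: ESP(spi=0x1a2b3c4d,seq=0x1), length 116
07:32:15.200000 IP 192.0.2.10 > 198.51.100.20: ESP(spi=0x1a2b3c4d,seq=0x2), length 116
07:32:16.200000 IP 192.0.2.10 > 198.51.100.20: ESP(spi=0x1a2b3c4d,seq=0x3), length 116
EOF
}

# Live use (assumption: run as root while pinging a host behind the peer):
#   timeout 60 tcpdump -n -i eth0 ip proto 50 | classify_esp <local external IP>
sample_capture | classify_esp 192.0.2.10
```

Run the live capture only after the new IPSec SA has been negotiated, since that is the window in which the tunnel stops passing traffic.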