Re: [Users] tunnel to Contivity dying

From: Ken Bantoft (ken_at_freeswan.ca)
Date: Wed Nov 27 2002 - 13:57:28 CET


On Wed, 27 Nov 2002, Sam Sgro wrote:

> On Tue, 26 Nov 2002, Avinash Shenoy wrote:
>
> > I'm using FreeS/Wan 1.97 on RH 7.3 (rpms from http://rpms.steamballoon.com)
> > and have set up a tunnel to a Nortel Contivity box. The tunnel comes up
> > and works fine for a duration of about the period specified by the "keylife"
> > parameter in /etc/ipsec.conf (I've set keylife=8h). After this period the
> > tunnel seems to die out.
>
> BTW, keylife refers to the IPSec SA renegotiation, which does appear to
> succeed from the log excerpt.
>
> > The ipsec0 interface is still visible, but no packets are seen passing through
> > the tunnel.
>
> The ipsec interface will always be available, regardless of the state of the
> tunnel.
>
> Aside from the frantic Delete SA payloads, the logs look fine.

Suggestion - maybe try the Delete/Notify SA patch from
http://open-source.arkoon.net and see what happens, since FreeS/WAN would
then delete the SAs entirely, instead of leaving them hanging around
until expiry time.

--
Ken Bantoft The Unofficial FreeS/WAN Site:
ken_at_freeswan.ca http://www.freeswan.ca
                           PGP Key: finger ken_at_bantoft.org
"Anyone who considers arithmetical methods of producing
random digits is, of course, in a state of sin."
                    -- John Von Neumann, 1951


This archive was generated by hypermail 2.1.5 : Thu Nov 28 2002 - 05:20:52 CET