RE: [Users] ERROR: asynchronous network error

From: Sam Sgro (sam_at_freeswan.org)
Date: Fri Jan 03 2003 - 10:30:05 CET

• Next message: paul: "[Users] Let's be friends"
• Previous message: amj-electronics: "[Users] A special funny website"
• In reply to: Mimmus: "RE: [Users] ERROR: asynchronous network error"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 3 Jan 2003, Mimmus wrote:

> The IP was an old address I used during a previous attempt using dialup!
> Is it possible that FreeSWAN try to resume very old connection (sorry for
> the question but I have no deep knowledge of IPSEC)? I have keyingtries=0.
> Problem disappeared after restarting FreeSWAN (now I inserted a 'service
> ipsec restart' in cron.daily).

Yes - with keyingtries=0, you'll continuously try to rekey connections, even
after Roadwarriors have disconnected. (Delete SA requests are ignored in stock
FS, but that (obviously) won't handle graceless disconnects.) Generally, you
want to use "keyingtries=3" for your Roadwarrior connections.

- --
Sam Sgro
sam_at_freeswan.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: For the matching public key, finger the Reply-To: address.

iQCVAwUBPhVYIEOSC4btEQUtAQGF+AP/YvFnhKE+NIpJR8gfNGtGouk7d37+EwcU
ummcE5bCNQqerAoQ22bECRsVUWTkuLpbRq6HYYi4+InaOE9tCCNshso26c+xRuHM
+TS1BAqDrk/xvVGD2U9RvRN81qKsCMm+AIzxUC8RgE/0GFbHEM/OasEq0ED1YDaL
SeBI4UQVs5Q=
=kQwM
-----END PGP SIGNATURE-----

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: paul: "[Users] Let's be friends"
• Previous message: amj-electronics: "[Users] A special funny website"
• In reply to: Mimmus: "RE: [Users] ERROR: asynchronous network error"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Sat Jan 04 2003 - 05:21:14 CET