[vpnc-devel] Basic rekeying support
Tomas Mraz
tmraz at redhat.com
Mon Mar 27 18:33:37 CEST 2006
On Mon, 2006-03-27 at 07:51 -0700, Wendell Nichols wrote:
> I have run this patch for a day now and I find that the client hangs up
> periodically. I'm not sure if it is the fault of the server or not
> (lord knows, the Cisco client hangs up constantly too!). The messages in
> syslog are:
>
> Jan 12 21:49:07 treebeard kernel: eth0: Promiscuous mode enabled.
> Jan 12 21:52:46 treebeard vpnc[28005]: unknown spi 2756428085
> Jan 12 21:52:46 treebeard vpnc[28005]: unknown spi from 123.12.123.123
> Jan 12 21:53:46 treebeard netplugd[1590]: tun1: ignoring event
> Jan 12 21:53:46 treebeard netplugd[1590]: tun1: ignoring event
> Jan 12 21:53:47 treebeard kernel: eth0: Promiscuous mode enabled.
> Jan 12 21:54:07 treebeard kernel: eth0: Promiscuous mode enabled.
>
> Around this time the connection drops. If there is some more info I
> could gather I would be happy to. If I should breakstop the code at
> this point I can do that as well... just tell me where.
> wcn
You can try to run vpnc with --debug 3 and --no-detach options. However
note that the rekeying support is really incomplete. However it works
good enough when the client is behind NAT and the NAT-T mode is used.
Also rekeying of the ISAKMP SA is missing so it will eventually
disconnect anyway, just the interval is longer.
--
Tomas Mraz <tmraz at redhat.com>
More information about the vpnc-devel
mailing list