[vpnc-devel] Basic rekeying support
Wendell Nichols
wcn00 at shaw.ca
Tue Mar 28 00:58:11 CEST 2006
Ah, it seems that ISAKMP SA interval is what is expiring. The
connection just hangs with the tun device still up but inoperable.
thanks...
wcn
Tomas Mraz wrote:
> On Mon, 2006-03-27 at 07:51 -0700, Wendell Nichols wrote:
>
>> I have run this patch for a day now and I find that the client hangs up
>> periodically. I'm not sure if it is the fault of the server or not
>> (lord knows, the Cisco client hangs up constantly too!). The messages in
>> syslog are:
>>
>> Jan 12 21:49:07 treebeard kernel: eth0: Promiscuous mode enabled.
>> Jan 12 21:52:46 treebeard vpnc[28005]: unknown spi 2756428085
>> Jan 12 21:52:46 treebeard vpnc[28005]: unknown spi from 123.12.123.123
>> Jan 12 21:53:46 treebeard netplugd[1590]: tun1: ignoring event
>> Jan 12 21:53:46 treebeard netplugd[1590]: tun1: ignoring event
>> Jan 12 21:53:47 treebeard kernel: eth0: Promiscuous mode enabled.
>> Jan 12 21:54:07 treebeard kernel: eth0: Promiscuous mode enabled.
>>
>> Around this time the connection drops. If there is some more info I
>> could gather I would be happy to. If I should breakstop the code at
>> this point I can do that as well... just tell me where.
>> wcn
>>
>
> You can try to run vpnc with --debug 3 and --no-detach options. However
> note that the rekeying support is really incomplete. However it works
> good enough when the client is behind NAT and the NAT-T mode is used.
>
> Also rekeying of the ISAKMP SA is missing so it will eventually
> disconnect anyway, just the interval is longer.
>
>
More information about the vpnc-devel
mailing list