On Mon, Apr 7, 2008 at 9:47 AM, VANHULLEBUS Yvan <vanhu@...> wrote:
> On Thu, Apr 03, 2008 at 11:10:49AM -0600, Phillip Hellewell wrote:
> > What is the best way to debug the problem of a tunnel that randomly
> > working (i.e., I can no longer ping hosts on the remote subnet)?
> racoon -dd will give you some information, but also *huge* debug and
> some confidential things (preshared keys, identities, IPs, etc...).
> tcpdump can also be your friend, and you may also want to monitor SAs
> when they are about to go to dying mode (at 80% of their lifetime).
Thanks for your help. I will try some more things and let you know when I
have more information.
> > If I bring the tunnel down and back up (i.e., redo phase 1 and 2), it
> > working again.
> > I can't determine if it has problems renewing after the lifetime has
> > or if it is more random than that.
> Does this problem happen at 80% of a phase2's lifetime?
> According to your logs, the first thing I'll check would be phase1
> lifetime on both ends.
I'm thinking now that it must not be related to lifetime (of phase 1 or
phase 2), because sometimes I can go all day without any problems, and other
times it will stop working after just 5 minutes of bringing the tunnel up.
The sporadic nature of the problem makes it hard to debug, but I'll keep