I use "unique" instead of "require" when the other encrypted domain is not a continuous network.

Are you sure the lifetime values for both phase 1 and phase 2 are the same at both ends ?

On 17 February 2010 15:34, Pier <pierg75@yahoo.it> wrote:
I got again the vpn disconnected.
Here the log:

2010-02-17 14:15:33: DEBUG: ===
2010-02-17 14:15:33: DEBUG: 84 bytes message received from 2.2.2.2[500] to 1.1.1.1[500]
2010-02-17 14:15:33: DEBUG:
2010-02-17 14:15:33: DEBUG: receive Information.
2010-02-17 14:15:33: DEBUG: compute IV for phase2
2010-02-17 14:15:33: DEBUG: phase1 last IV:
2010-02-17 14:15:33: DEBUG:
2010-02-17 14:15:33: DEBUG: hash(sha1)
2010-02-17 14:15:33: DEBUG: encryption(3des)
2010-02-17 14:15:33: DEBUG: phase2 IV computed:
2010-02-17 14:15:33: DEBUG:
2010-02-17 14:15:33: DEBUG: begin decryption.
2010-02-17 14:15:33: DEBUG: encryption(3des)
2010-02-17 14:15:33: DEBUG: IV was saved for next processing:
2010-02-17 14:15:33: DEBUG:
2010-02-17 14:15:33: DEBUG: encryption(3des)
2010-02-17 14:15:33: DEBUG: with key:
2010-02-17 14:15:33: DEBUG:
2010-02-17 14:15:33: DEBUG: decrypted payload by IV:
2010-02-17 14:15:33: DEBUG:
2010-02-17 14:15:33: DEBUG: decrypted payload, but not trimed.
2010-02-17 14:15:33: DEBUG:
2010-02-17 14:15:33: DEBUG: padding len=1
2010-02-17 14:15:33: DEBUG: skip to trim padding.
2010-02-17 14:15:33: DEBUG: decrypted.
2010-02-17 14:15:33: DEBUG:
2010-02-17 14:15:33: DEBUG: IV freed
2010-02-17 14:15:33: DEBUG: HASH with:
2010-02-17 14:15:33: DEBUG:
2010-02-17 14:15:33: DEBUG: hmac(hmac_sha1)
2010-02-17 14:15:33: DEBUG: HASH computed:
2010-02-17 14:15:33: DEBUG:
2010-02-17 14:15:33: DEBUG: hash validated.
2010-02-17 14:15:33: DEBUG: begin.
2010-02-17 14:15:33: DEBUG: seen nptype=8(hash)
2010-02-17 14:15:33: DEBUG: seen nptype=12(delete)
2010-02-17 14:15:33: DEBUG: succeed.
2010-02-17 14:15:33: DEBUG: delete payload for protocol ISAKMP
2010-02-17 14:15:33: INFO: ISAKMP-SA expired 1.1.1.1[500]-2.2.2.2[500] spi:0f59a95a8c8bfde6:673dbc6922ad16be
2010-02-17 14:15:33: DEBUG: purged SAs.
2010-02-17 14:15:34: INFO: ISAKMP-SA deleted 1.1.1.1[500]-2.2.2.2[500] spi:0f59a95a8c8bfde6:673dbc6922ad16be
2010-02-17 14:15:34: DEBUG: IV freed

Why is then not reactivated automatically?

Pier




------------------------------------------------------------------------------
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev
_______________________________________________
Ipsec-tools-devel mailing list
Ipsec-tools-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel



--
Silvian Cretu
http://www.silviancretu.ro/