Menu
▾
▴
Re: [Ipsec-tools-users] racoon connection stuck after a while
|
From: Mick <mic...@gm...> - 2015-03-27 21:06:31
|
On Friday 27 Mar 2015 16:27:14 Thomas Lau wrote: > Hi All, > > I am currently running racoon with GRE tunnel on top of it. It was > fine at the beginning but after a while GRE tunnel stop working, and I > can't ping the other side of GRE tunnel, the only way to do the trick > is to restart racoon and reconnect VPN. Hi Thomas, I'm guessing that the other peer is a Cisco router? > I got DPD enabled, seems didn't help. It doesn't seems the VPN have > dropped, but somehow GRE just can't pass, anyone have idea ? Can you try disabling NAT-T if you do not need it (i.e. if the peers are both internet facing) and see if the problem persists? Something else to check is if the Linux machine is returning GRE keep-alive packets; see here for the reasons: http://iamlinux.technoyard.in/blog/gre-keepalive-does-not-work/ It seems therefore that if you set up ping from the Cisco to the Linux box the GRE tunnel should stay up. Hope this helps. -- Regards, Mick |