Menu
▾
▴
Re: [Ipsec-tools-devel] cisco vpn client - fails after expire
|
From: V <ve...@ne...> - 2005-05-31 15:46:22
|
Hello,
So..any comments? Could anybody help? Maybe you need debug log?
I have to reconnect vpn 5 times a day, it's really bad...
regards,
V
> Hello,
>
> I use this config:
>
> remote BBB.BBB.BBB.BBB
> {
> my_identifier keyid tag "GROUP";
> xauth_login "AAAA@GROUP";
> lifetime time 4 hours;
> proposal_check strict;
> mode_cfg on;
> script phase1-up.sh" phase1_up;
> script phase1-down.sh" phase1_down;
> proposal {
> encryption_algorithm 3des;
> hash_algorithm sha1;
> authentication_method xauth_psk_client;
> dh_group 2;
> }
> }
>
> So, my_identifier keyid tag and authentication_method xauth_psk_client =
are
> only in cvs version.
>
> I use linux. I use vpn to 2 different remotes and 2 different methods (=
1st
> - with preshared key, 2nd - to cisco concentrator with group and xauth
> authentication). So, there are several spd entries in that case.
>
> regards,
> V
>
>
>
>>
>>
>> V wrote:
>>> Hello,
>>>
>>> I use ipsec-tools from cvs with xauth patch from F. Senault. I use
>>> racoon
>>> to connect to cisco vpn concentrator with groupname aind xauth
>>> authentication.
>>> Problem: After ipsec-sa expires, it fails to reestablish ipsec and vp=
n
>>> tunnel doesnt works. So I have manually disconnect (racoonctl vd
>>> vpn-ip)
>>> and connect vpn again (racoonctl vc vpn-ip). I add log (AAA.AAA.AAA.A=
AA
>>> -
>>> my IP, BBB.BBB.BBB.BBB - remote IP):
>>>
>>
>>
>>> May 30 16:04:16 sms racoon: ERROR: failed to recv from pfkey (Resourc=
e
>>> temporarily unavailable)
>>
>> Hmmm. I don't like this entry in your logs. What OS do you use? Do you
>> have a lot of entries in SPD/SAD? When did you get code from cvs (few
>> days ago or much earlier).
>>
>> Do you need bleeding edge features? If not, please try 0.5.2 or 0.6bet=
a
>> versions as cvs is not considered stable.
>>
>> --
>> Aidas Kasparas
>> IT administrator
>> GM Consult Group, UAB
>>
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by Yahoo.
> Introducing Yahoo! Search Developer Network - Create apps using Yahoo!
> Search APIs Find out how you can build Yahoo! directly into your own
> Applications - visit http://developer.yahoo.net/?fr=3Doffad-ysdn-ostg-q=
22005
> _______________________________________________
> Ipsec-tools-devel mailing list
> Ips...@li...
> https://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel
>
|