From: V <ve...@ne...> - 2005-05-31 15:46:22
|
Hello, So..any comments? Could anybody help? Maybe you need debug log? I have to reconnect vpn 5 times a day, it's really bad... regards, V > Hello, > > I use this config: > > remote BBB.BBB.BBB.BBB > { > my_identifier keyid tag "GROUP"; > xauth_login "AAAA@GROUP"; > lifetime time 4 hours; > proposal_check strict; > mode_cfg on; > script phase1-up.sh" phase1_up; > script phase1-down.sh" phase1_down; > proposal { > encryption_algorithm 3des; > hash_algorithm sha1; > authentication_method xauth_psk_client; > dh_group 2; > } > } > > So, my_identifier keyid tag and authentication_method xauth_psk_client = are > only in cvs version. > > I use linux. I use vpn to 2 different remotes and 2 different methods (= 1st > - with preshared key, 2nd - to cisco concentrator with group and xauth > authentication). So, there are several spd entries in that case. > > regards, > V > > > >> >> >> V wrote: >>> Hello, >>> >>> I use ipsec-tools from cvs with xauth patch from F. Senault. I use >>> racoon >>> to connect to cisco vpn concentrator with groupname aind xauth >>> authentication. >>> Problem: After ipsec-sa expires, it fails to reestablish ipsec and vp= n >>> tunnel doesnt works. So I have manually disconnect (racoonctl vd >>> vpn-ip) >>> and connect vpn again (racoonctl vc vpn-ip). I add log (AAA.AAA.AAA.A= AA >>> - >>> my IP, BBB.BBB.BBB.BBB - remote IP): >>> >> >> >>> May 30 16:04:16 sms racoon: ERROR: failed to recv from pfkey (Resourc= e >>> temporarily unavailable) >> >> Hmmm. I don't like this entry in your logs. What OS do you use? Do you >> have a lot of entries in SPD/SAD? When did you get code from cvs (few >> days ago or much earlier). >> >> Do you need bleeding edge features? If not, please try 0.5.2 or 0.6bet= a >> versions as cvs is not considered stable. >> >> -- >> Aidas Kasparas >> IT administrator >> GM Consult Group, UAB >> > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by Yahoo. > Introducing Yahoo! Search Developer Network - Create apps using Yahoo! > Search APIs Find out how you can build Yahoo! directly into your own > Applications - visit http://developer.yahoo.net/?fr=3Doffad-ysdn-ostg-q= 22005 > _______________________________________________ > Ipsec-tools-devel mailing list > Ips...@li... > https://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel > |