From: Antony Mawer
Date: Tue, 31 Jul 2007 12:23:36 +1000
To: Isaac Kohen
Cc: freebsd-net@freebsd.org
Subject: Re: IPSEC connection drops and doesn't recover
Message-ID: <46AE9D28.6000801@mawer.org>
In-Reply-To: <7feb82f40707301752j2ccb235eof197fed852188bd5@mail.gmail.com>
List-Id: Networking and TCP/IP with FreeBSD

On 31/07/2007 10:52 AM, Isaac Kohen wrote:
> I'm running 6.2-REL. My kernel is compiled with IPSEC, IPSEC_ESP, and
> IPSEC_DEBUG. I've installed ipsec-tools 0.6.7.
>
> I've had an openbsd ipsec/vpn gateway for several years that recently died
> as a result of hardware failure. I moved my configuration from isakmpd to
> racoon and can connect successfully to all the linksys vpn "routers" that
> I could connect to before. Problem is that after a few hours the connection
> drops and doesn't come back up until I do setkey -F and setkey -FP and
> restart racoon. My openbsd/isakmpd setup worked very well so I'm guessing
> it's not those cheap linksys boxes.
>
> I thought it was racoon at first, so I installed and ran isakmpd on freebsd
> using my isakmpd.conf from the openbsd box that I knew worked, but the same
> problem persisted.

Another "me too" -- we have been running an IPSEC link between a FreeBSD
6.2-RELEASE gateway and a Billion 7404VGO VPN router. The VPN link itself
operates fine, but frequently the connection drops and we have to go through
a song-and-dance of restarting racoon, the VPN router, etc. trying to get it
back up and running.

I haven't got around to tracking down the exact sequence necessary to bring
it back up and running, but eventually after restarting everything we manage
to get things operating again (until the next time).

I will try and find some more details when I get the opportunity...

--Antony