On Wednesday, 22 June 2005 15:33, jared r r spiegel wrote:
> On Wed, Jun 22, 2005 at 02:01:43PM +0200, Abel Talaverón Estevez wrote:
> > Is it normal? Can I solve it with a parameter like "Retransmit" or
> > "Timeout"? I know that it happens something similar with D-Link
> > Firewalls.
>
>   need configs to answer accurately, please.
>
>   shouldn't need to dinker with retransmit or timeout values, shouldn't
>   need to 'kickstart' the connection with a ping or so, unless it was
>   so-configured to begin with.
>
> jared
>
> -
>
> [ openbsd 3.7 GENERIC ( jun 10 ) // i386 ]

isakmpd.conf on one side:

[General]
Exchange-max-time= 30
Check-interval= 30
DPD_check_interval= 30

[Phase 1]
10.0.0.57= PEER-VPNPrueba2
Default= ISAKMP-clients

[Phase 2]
Connections= IPsec-clients,CONN-VPNPrueba2

# Phase 1 mobile client peer sections
#####################################
[ISAKMP-clients]
Phase= 1
Transport= udp
Configuration= Client-main-mode
Authentication= vpnclientopenwired

# Phase 2 mobile client connection sections
###########################################
[IPsec-clients]
Phase= 2
Configuration= Client-quick-mode
Local-ID= local-subnet
Remote-ID= remote-client

# Mobile client ID sections
###########################
[local-subnet]
ID-type= IPV4_ADDR_SUBNET
Network= 0.0.0.0
Netmask= 0.0.0.0

[remote-client]
ID-type= IPV4_ADDR
Address= 0.0.0.0

# Mobile client modes
#####################
[Client-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA

[Client-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-SUITE

[Sucursal-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA

[Sucursal-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-SUITE

# Branch offices

#PEER Section VPNPrueba2
[PEER-VPNPrueba2]
Phase= 1
Transport= udp
Address= 10.0.0.57
Configuration= Sucursal-main-mode
Authentication= hen3ex

#CONNECTION SECTION VPNPrueba2
[CONN-VPNPrueba2]
Phase= 2
ISAKMP-peer= PEER-VPNPrueba2
Configuration= Sucursal-quick-mode
Local-ID= ID-LocalSubnet-VPNPrueba2
Remote-ID= ID-RemoteSubnet-VPNPrueba2

#Local ID Section
[ID-LocalSubnet-VPNPrueba2]
ID-type= IPV4_ADDR_SUBNET
Network= 10.0.40.0
Netmask= 255.255.255.0

#Remote ID Section
[ID-RemoteSubnet-VPNPrueba2]
ID-type= IPV4_ADDR_SUBNET
Network= 10.0.10.0
Netmask= 255.255.255.0


isakmpd.conf on the other side:

[General]
Exchange-max-time= 30
Check-interval= 30
DPD_check_interval= 30

[Phase 1]
10.0.0.67= PEER-VPNPrueba
Default= ISAKMP-clients

[Phase 2]
Connections= IPsec-clients,CONN-VPNPrueba

# Phase 1 mobile client peer sections
#####################################
[ISAKMP-clients]
Phase= 1
Transport= udp
Configuration= Client-main-mode
Authentication= vpnclientopenwired

# Phase 2 mobile client connection sections
###########################################
[IPsec-clients]
Phase= 2
Configuration= Client-quick-mode
Local-ID= local-subnet
Remote-ID= remote-client

# Mobile client ID sections
###########################
[local-subnet]
ID-type= IPV4_ADDR_SUBNET
Network= 0.0.0.0
Netmask= 0.0.0.0

[remote-client]
ID-type= IPV4_ADDR
Address= 0.0.0.0

# Mobile client modes
#####################
[Client-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA

[Client-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-SUITE

[Sucursal-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA

[Sucursal-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-SUITE

# Branch offices

#PEER Section VPNPrueba
[PEER-VPNPrueba]
Phase= 1
Transport= udp
Address= 10.0.0.67
Configuration= Sucursal-main-mode
Authentication= hen3ex

#CONNECTION SECTION VPNPrueba
[CONN-VPNPrueba]
Phase= 2
ISAKMP-peer= PEER-VPNPrueba
Configuration= Sucursal-quick-mode
Local-ID= ID-LocalSubnet-VPNPrueba
Remote-ID= ID-RemoteSubnet-VPNPrueba

#Local ID Section
[ID-LocalSubnet-VPNPrueba]
ID-type= IPV4_ADDR_SUBNET
Network= 10.0.10.0
Netmask= 255.255.255.0

#Remote ID Section
[ID-RemoteSubnet-VPNPrueba]
ID-type= IPV4_ADDR_SUBNET
Network= 10.0.40.0
Netmask= 255.255.255.0


Any idea? I've been trying some values in check-interval and
exchange-max-time with no success.