On 02/10/2016 10:10 PM, John Cenile wrote:
I do notice a lot of these errors in the secure log though, would this be
any indication of a problem? (I'm grepping for this specific error, they're
not the only messages in there).
Feb 11 14:18:10 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delet
As I said though, there's no lost ICMP packets, even when the IPSec tunnel
drops out.
I do notice a lot of these errors in the secure log though, would this be
any indication of a problem? (I'm grepping for this specific error, they're
not the only messages in there).
Feb 11 14:18:10 site-a pluto
Well. Centos 5 is really near of it's end of life. There is not much
updates to kernel or openswan. You should at least try latest openswan
version.
Your issue looks like a bit network problem.
--
Eero
2016-02-10 8:34 GMT+02:00 John Cenile :
> So lowering the keylife / ikelifetime didn't solve
So lowering the keylife / ikelifetime didn't solve the problem. I've
enabled debugging and I'll see what it says.
Unfortunately we can't (easily) upgrade CentOS, do you believe that would
make a huge difference though? Are the newer versions of OpenSwan *that *much
more reliable?
On 10 February 2
Centos 5 is also a bit old os. Is it possible to use newer version? (like
centos 7 or centos 6?)
Eero
2016-02-09 19:52 GMT+02:00 Gordon Messmer :
> On 02/09/2016 07:04 AM, John Cenile wrote:
>
>> does anyone have any suggestions on what the problem might be?
>>
>
> Not off the top of my head, bu
On 02/09/2016 07:04 AM, John Cenile wrote:
does anyone have any suggestions on what the problem might be?
Not off the top of my head, but if I were you, I'd enable debugging of
"control" and "dpd". See man ipsec.conf (/plutodebug) and man ipsec_pluto.
Try setting lower keyexpiry time on other endpoint.
--
Eero
2016-02-09 17:04 GMT+02:00 John Cenile :
> Hello,
>
> I'm cross posting this from the OpenSwan mailing list, in case someone here
> can help.
>
> We have two sites connected via OpenSwan 2.6.32-9 on CentOS 5, sharing 6
> /24 subnets eac
Thanks, I've updated the config with the following:
keylife=20m
ikelifetime=2h
I'll see how that goes.
In the mean time, any other suggestions would be greatly appreciated.
On 10 February 2016 at 02:14, Eero Volotinen wrote:
> Try setting lower keyexpiry time on other endpoint
Hello,
I'm cross posting this from the OpenSwan mailing list, in case someone here
can help.
We have two sites connected via OpenSwan 2.6.32-9 on CentOS 5, sharing 6
/24 subnets each (so 12 in total).
The problem we're having is completely randomly, be it in the middle of the
day, or in the midd
9 matches
Mail list logo
