On 7/7/2010 8:10 PM, Aaron Sarazan wrote:
> Nope, just left it running and it looks like it timed out a long time
> ago. Looks like it only lasts about 5 minutes, rain or shine.
>

Hi Aaron,

Thanks for providing the debug output. For starters I can see why DPD isn't working. The peer doesn't advertise DPD support so the client doesn't enable it ...

10/07/08 08:19:33 << : vendor id payload
10/07/08 08:19:33 ii : unknown vendor id ( 16 bytes )
10/07/08 08:19:33 0x : 09002689 dfd6b712 80a224de c33b81e5
10/07/08 08:19:33 << : vendor id payload
10/07/08 08:19:33 ii : peer is CISCO UNITY compatible
10/07/08 08:19:33 << : vendor id payload
10/07/08 08:19:33 ii : peer is IPSEC-TOOLS compatible
10/07/08 08:19:33 << : vendor id payload
10/07/08 08:19:33 ii : peer supports nat-t ( draft v02 )
10/07/08 08:19:33 << : nat discovery payload
10/07/08 08:19:33 << : nat discovery payload
10/07/08 08:19:33 << : vendor id payload
10/07/08 08:19:33 ii : unknown vendor id ( 16 bytes )
10/07/08 08:19:33 0x : 3b9031dc e4fcf88b 489a9239 63dd0c49
10/07/08 08:19:33 ii : forcing nat-t to enabled ( rfc )
10/07/08 08:19:33 ii : switching to src nat-t udp port 4500
10/07/08 08:19:33 ii : switching to dst nat-t udp port 4500

It should send a DPDv1 vendor ID as the client does ...

10/07/08 08:19:31 >> : vendor id payload
10/07/08 08:19:31 ii : local supports DPDv1

I don't see anything else out of the ordinary in the client log file. If possible, can you send me some output from the gateway side? I'd like to see if it logs anything interesting when the communication error occurs.

Thanks,

-Matthew
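
Added example, not part of the message above or of the Shrew Soft client: a small Python parser for the client log format quoted in the message that lists the vendor IDs each side advertised and checks whether DPD can be enabled. It assumes a peer DPD vendor ID would be logged with "DPD" in its description, as the local one is.

```python
import re

# Log excerpt copied from the message above (Shrew Soft client debug output).
SAMPLE_LOG = """\
10/07/08 08:19:31 >> : vendor id payload
10/07/08 08:19:31 ii : local supports DPDv1
10/07/08 08:19:33 << : vendor id payload
10/07/08 08:19:33 ii : unknown vendor id ( 16 bytes )
10/07/08 08:19:33 0x : 09002689 dfd6b712 80a224de c33b81e5
10/07/08 08:19:33 << : vendor id payload
10/07/08 08:19:33 ii : peer is CISCO UNITY compatible
10/07/08 08:19:33 << : vendor id payload
10/07/08 08:19:33 ii : peer is IPSEC-TOOLS compatible
10/07/08 08:19:33 << : vendor id payload
10/07/08 08:19:33 ii : peer supports nat-t ( draft v02 )
10/07/08 08:19:33 << : nat discovery payload
"""

# timestamp, tag (<< received, >> sent, ii info, 0x hex dump), message
LINE = re.compile(r"^\S+ \S+ (<<|>>|ii|0x) : (.*)$")

def vendor_ids(log):
    """Return {'local': [...], 'peer': [...]} vendor ID descriptions."""
    seen = {"local": [], "peer": []}
    side = None   # side whose vendor id payload still awaits its description
    last = None   # list that received the most recent description
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            side = last = None
            continue
        tag, text = m.groups()
        if tag in ("<<", ">>"):
            owner = "peer" if tag == "<<" else "local"
            side = owner if text == "vendor id payload" else None
            last = None
        elif tag == "ii" and side:
            seen[side].append(text)
            last, side = seen[side], None
        elif tag == "0x" and last and last[-1].startswith("unknown vendor id"):
            last[-1] += " " + text.replace(" ", "")  # keep raw ID for lookup
        else:
            side = last = None
    return seen

def dpd_usable(log):
    """True only if both sides advertised a vendor ID mentioning DPD (assumed wording)."""
    ids = vendor_ids(log)
    return all(any("dpd" in d.lower() for d in ids[s]) for s in ("local", "peer"))
```

On the excerpt, `dpd_usable(SAMPLE_LOG)` is false because only the local side lists DPDv1; the unknown vendor IDs are returned with their hex value so they can be identified on the gateway side.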
