Mailing List Archive: vpnc: devel
Re: VPNC 0.5.3 Phase II ReKeying
 

dcbw at redhat

Oct 21, 2009, 10:01 AM



On Tue, 2009-10-20 at 09:28 -0500, Clark Hartness wrote:
> Greetings,
>
> Up front I am sorry for posting to the -devel group for
> this question but I find no user or admin group to post to....
>
> I downloaded and did a very straightforward:
>
> make
> make install
>
> with VPNC 0.5.3
>
> From what I can find on the groups I seem to be having issues with Phase II
> ReKeying
>
> Grep From /var/log/messages
>
> Oct 20 07:29:01 cymsfw vpnc[2321]: unknown spi 0xaa8f5c79 from peer
> Oct 20 07:29:01 cymsfw vpnc[2321]: unknown spi 0xaa8f5c79 from peer
>
> Very Simple Conf File in place:
>
> [root@cymsf vpnc]# cat default.conf
> # SJC
> IPSec gateway <removed>
> IPSec ID <removed>
> IPSec obfuscated secret <removed>
> # your username goes here:
> Xauth username <removed>
> Xauth password <removed>
> # if you want to test rekeying specify nonzero seconds here:
> #Rekeying interval 7200
>
>
> If I uncomment the Rekeying interval 7200 in the conf file I get the error:
>
> vpnc: warning: unknown configuration directive in /etc/vpnc/default.conf
> at line 9
>
> I have a monitor script in place that reconnects the VPN on failure but
> I have some processes that are sensitive to the reconnect.
>
> Could someone point me to some documentation on how to configure the
> Phase II Rekeying to avoid this?

IIRC vpnc only supports the first rekeying interval, but does not
support the second one which is usually 24 hours. I don't know if that
second one is the 'phase II' or not.

'Rekeying interval' isn't needed because I believe vpnc is smart enough
to figure that out automatically these days for the first (ISAKMP?)
rekey. It used to be required in 0.3 or 0.4 right after the rekeying
patch landed, but no longer is. As such, the option is not recognized
in vpnc 0.5.x.

Dan


_______________________________________________
vpnc-devel mailing list
vpnc-devel [at] unix-ag
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/

Subject User Time
VPNC 0.5.3 Phase II ReKeying chartness at camgian Oct 20, 2009, 7:28 AM
    Re: VPNC 0.5.3 Phase II ReKeying dcbw at redhat Oct 21, 2009, 10:01 AM
        Re: VPNC 0.5.3 Phase II ReKeying CHartness at camgian Oct 21, 2009, 10:19 AM
    Re: VPNC 0.5.3 Phase II ReKeying tilman.schroeder at tu-dortmund Oct 25, 2009, 5:15 AM
