msebor at gmail
Nov 18, 2010, 5:26 PM
Views: 538
Permalink
|
|
vpnc ISAKMP_N_INVALID_COOKIE error every 456 minutes?
|
|
My vpnc session goes down every 456 minutes (real time). The usual
error is ISAKMP_N_INVALID_COOKIE (see below), usually (but not
always) after a few "unknown spi" messages. This happens every day,
after exactly 456 minutes of usage (I've been tracking it for a few
weeks now).
Does anyone have any pointers or suggestions for how to deal with
this?
I'm using vpnc version 0.5.3 on Fedora 13/x86_64.
Thanks
Martin
$ time vpnc --no-detach
...
VPNC started in foreground...
vpnc[2234]: unknown spi 0x8f2092d7 from peer
vpnc[2234]: unknown spi 0x8f2092d7 from peer
vpnc: quick mode response rejected: (ISAKMP_N_INVALID_COOKIE)(4)
this means the concentrator did not like what we had to offer.
Possible reasons are:
* concentrator configured to require a firewall
this locks out even Cisco clients on any platform expect windows
which is an obvious security improvment. There is no workaround (yet).
* concentrator configured to require IP compression
this is not yet supported by vpnc.
Note: the Cisco Concentrator Documentation recommends against using
compression, expect on low-bandwith (read: ISDN) links, because it
uses much CPU-resources on the concentrator
real 456m13.025s
user 0m19.105s
sys 0m10.117s
_______________________________________________
vpnc-devel mailing list
vpnc-devel [at] unix-ag
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/
|
vpnc ISAKMP_N_INVALID_COOKIE error every 456 minutes?