Centos 5 is also a bit old os. Is it possible to use newer version? (like centos 7 or centos 6?) Eero 2016-02-09 19:52 GMT+02:00 Gordon Messmer <gordon.messmer at gmail.com>:> On 02/09/2016 07:04 AM, John Cenile wrote: > >> does anyone have any suggestions on what the problem might be? >> > > Not off the top of my head, but if I were you, I'd enable debugging of > "control" and "dpd". See man ipsec.conf (/plutodebug) and man ipsec_pluto. > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >
So lowering the keylife / ikelifetime didn't solve the problem. I've enabled debugging and I'll see what it says. Unfortunately we can't (easily) upgrade CentOS, do you believe that would make a huge difference though? Are the newer versions of OpenSwan *that *much more reliable? On 10 February 2016 at 04:58, Eero Volotinen <eero.volotinen at iki.fi> wrote:> Centos 5 is also a bit old os. Is it possible to use newer version? (like > centos 7 or centos 6?) > > Eero > > 2016-02-09 19:52 GMT+02:00 Gordon Messmer <gordon.messmer at gmail.com>: > > > On 02/09/2016 07:04 AM, John Cenile wrote: > > > >> does anyone have any suggestions on what the problem might be? > >> > > > > Not off the top of my head, but if I were you, I'd enable debugging of > > "control" and "dpd". See man ipsec.conf (/plutodebug) and man > ipsec_pluto. > > > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org > > https://lists.centos.org/mailman/listinfo/centos > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >
Well. Centos 5 is really near of it's end of life. There is not much updates to kernel or openswan. You should at least try latest openswan version. Your issue looks like a bit network problem. -- Eero 2016-02-10 8:34 GMT+02:00 John Cenile <jcenile1983 at gmail.com>:> So lowering the keylife / ikelifetime didn't solve the problem. I've > enabled debugging and I'll see what it says. > > Unfortunately we can't (easily) upgrade CentOS, do you believe that would > make a huge difference though? Are the newer versions of OpenSwan *that > *much > more reliable? > > On 10 February 2016 at 04:58, Eero Volotinen <eero.volotinen at iki.fi> > wrote: > > > Centos 5 is also a bit old os. Is it possible to use newer version? (like > > centos 7 or centos 6?) > > > > Eero > > > > 2016-02-09 19:52 GMT+02:00 Gordon Messmer <gordon.messmer at gmail.com>: > > > > > On 02/09/2016 07:04 AM, John Cenile wrote: > > > > > >> does anyone have any suggestions on what the problem might be? > > >> > > > > > > Not off the top of my head, but if I were you, I'd enable debugging of > > > "control" and "dpd". See man ipsec.conf (/plutodebug) and man > > ipsec_pluto. > > > > > > _______________________________________________ > > > CentOS mailing list > > > CentOS at centos.org > > > https://lists.centos.org/mailman/listinfo/centos > > > > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org > > https://lists.centos.org/mailman/listinfo/centos > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >