Displaying 8 results from an estimated 8 matches for "ikelifetim".
Did you mean:
ikelifetime
2016 Feb 09
4
OpenSwan Drop Out Issue
...elieve it's traffic
related), certain (and sometimes all) routes will drop. They usually
recover after a few minutes, but it's still long enough for our monitoring
to detect downtime.
The configuration we have on each device is:
conn site-a
keyingtries=0
keylife=1h
ikelifetime=8h
left=1.1.1.1
right=2.2.2.2
leftsubnets={x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24}
rightsubnets={x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24}
pfs=yes
auto=start
authby=secret
dpddelay=30
dpdt...
2016 Feb 09
2
OpenSwan Drop Out Issue
Centos 5 is also a bit old os. Is it possible to use newer version? (like
centos 7 or centos 6?)
Eero
2016-02-09 19:52 GMT+02:00 Gordon Messmer <gordon.messmer at gmail.com>:
> On 02/09/2016 07:04 AM, John Cenile wrote:
>
>> does anyone have any suggestions on what the problem might be?
>>
>
> Not off the top of my head, but if I were you, I'd enable debugging
2016 Aug 17
6
[Bug 1082] New: Hard lockup when inserting nft rules (esp. ct rule)
https://bugzilla.netfilter.org/show_bug.cgi?id=1082
Bug ID: 1082
Summary: Hard lockup when inserting nft rules (esp. ct rule)
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: blocker
Priority: P5
Component: kernel
Assignee:
2016 Feb 10
2
OpenSwan Drop Out Issue
...5 is really near of it's end of life. There is not much
updates to kernel or openswan. You should at least try latest openswan
version.
Your issue looks like a bit network problem.
--
Eero
2016-02-10 8:34 GMT+02:00 John Cenile <jcenile1983 at gmail.com>:
> So lowering the keylife / ikelifetime didn't solve the problem. I've
> enabled debugging and I'll see what it says.
>
> Unfortunately we can't (easily) upgrade CentOS, do you believe that would
> make a huge difference though? Are the newer versions of OpenSwan *that
> *much
> more reliable?
>
>...
2016 Feb 17
2
Openswan <-> VyOS
...'ve posted this on the VyOS forums, but haven't had many helpful
responses, so I thought I would ask here.
http://forum.vyos.net/showthread.php?tid=26504&pid=29703#pid29703
Basically our Openswan configuration is as follows:
conn VYOS
keyingtries=0
keylife=20m
ikelifetime=2h
left=<VYOS IP>
right=<OPENSWAN IP>
leftsubnets={
10.1.1.0/24,10.1.2.0/24,10.1.3.0/24,10.1.4.0/24,10.1.5.0/24}
rightsubnets={10.2.1.0/24,10.2.2.0/24,10.2.3.0/24,10.2.4.0/24}
auto=start
authby=secret
dpddelay=30
dpdtimeou...
2016 Feb 10
0
OpenSwan Drop Out Issue
So lowering the keylife / ikelifetime didn't solve the problem. I've
enabled debugging and I'll see what it says.
Unfortunately we can't (easily) upgrade CentOS, do you believe that would
make a huge difference though? Are the newer versions of OpenSwan *that *much
more reliable?
On 10 February 2016 at 04:58, Eero Vo...
2016 Feb 09
0
OpenSwan Drop Out Issue
...and sometimes all) routes will drop. They usually
> recover after a few minutes, but it's still long enough for our monitoring
> to detect downtime.
>
> The configuration we have on each device is:
>
> conn site-a
> keyingtries=0
> keylife=1h
> ikelifetime=8h
> left=1.1.1.1
> right=2.2.2.2
>
>
> leftsubnets={x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24}
>
>
> rightsubnets={x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24}
> pfs=yes
> auto=start
>...
2016 Feb 11
0
OpenSwan Drop Out Issue
...not much
> updates to kernel or openswan. You should at least try latest openswan
> version.
>
> Your issue looks like a bit network problem.
>
> --
> Eero
>
> 2016-02-10 8:34 GMT+02:00 John Cenile <jcenile1983 at gmail.com>:
>
> > So lowering the keylife / ikelifetime didn't solve the problem. I've
> > enabled debugging and I'll see what it says.
> >
> > Unfortunately we can't (easily) upgrade CentOS, do you believe that would
> > make a huge difference though? Are the newer versions of OpenSwan *that
> > *much
>...