[TriLUG] [davjorda at cisco.com: [davjorda at cisco.com: Re: vpnc dropping out]]
Ron Joffe
rjoffe at yahoo.com
Fri Sep 1 11:28:50 EDT 2006
Clay,

Follow up in detail on the vpnc mailing list, but a quick overview is:
vpnc does not handle a function utilized within the concentrator called
rekeying. The timing on this depends on a number of factors, and, as I
understand it, will require a complete rewrite of the vpnc code base.

I have written some wrapper scripts that basically do the following:
1. Ping (or do an ssh-keyscan for those sites that do not allow ICMP).
2. If the ping or ssh-keyscan result is negative, rebuild the tunnel.

I run this script via cron every few minutes.

My experience is that I time out every 8 hours on the dot. I understand the
newest patches for vpnc last 23 hours.

Ron

On Friday 01 September 2006 10:41, clay at crazyclay.org wrote:
> ----- Forwarded message from David Clayton Jordan <davjorda at cisco.com>
> -----
>
>
>
> Wondered if anyone here has any good info on vpnc and how to extend the
> connection time?
>
>
> -Clay
> ----- Forwarded message from David Clayton Jordan <davjorda at cisco.com>
> -----
>
> Mine seems to drop every 4 hours or somewhere in that range... also it
> seems to drop sooner if you're inactive for a period of time...
>
> if anyone knows how to fix this, I'd be interested to know as well, but I've
> just dealt with it so far.
>
> -Clay
>
> On Fri, Sep 01, 2006 at 03:30:29PM +0100, Alun Evans wrote:
> > This one:
> > http://www.unix-ag.uni-kl.de/~massar/vpnc/
> >
> > Not the vpnclient.
> >
> > On the web page it says:
> > o rekeying is not supported (default rekey-intervall is 8 hours)
> >
> > though it seems to drop out much more often than that.
> >
> > Is there something mystical I can do to extend the time it maintains the
> > connection...?
> >
> >
> > A.
> >
> > --
> > Alun Evans
> > IOS Software Engineer, cisco Systems.
> > http://www.cisco.com/go/ipv6/
>
> --
> +------------------------------------------------------+
>
> | Clay Jordan | | |
> | Tacsuns Team ||| ||| |
> | RTP, North Carolina .|||||. .|||||. |
> | Phone 919-392-0597 .:|||||||||:.:|||||||||:. |
> | e-mail cj at cisco.com C i s c o S y s t e m s |
>
> +------------------------------------------------------+
>
>
>
> ----- End forwarded message -----
>
> --
> +---------------------------------+
>
> | Clay Jordan |
> |
> | e-mail clay at crazyclay.org |
> | http://www.crazyclay.org |
> | http://www.gentoo.org |
>
> +---------------------------------+
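
The wrapper described in the reply above (probe, rebuild on a negative result, run from cron), sketched as an added example; it is not Ron's script and not code from the vpnc project. The probe host, profile name, lock path and settle delay are assumptions, and the output values `up`, `rebuilt`, `failed` and `locked` are names chosen for this sketch.

```shell
#!/bin/sh
# Added example: vpnc tunnel watchdog for cron (run as root, since vpnc needs it).
# Assumed/constructed values, not from the post: PROBE_HOST, VPNC_PROFILE,
# LOCK_DIR, SETTLE_SECS. ping -W (reply timeout, seconds) is the Linux iputils form.
PROBE_HOST="${PROBE_HOST:-10.0.0.1}"     # a host reachable only through the tunnel
VPNC_PROFILE="${VPNC_PROFILE:-default}"  # vpnc reads /etc/vpnc/<name>.conf
LOCK_DIR="${LOCK_DIR:-/var/run/vpnc-watchdog.lock}"  # root-only dir, not /tmp
SETTLE_SECS="${SETTLE_SECS:-5}"          # wait before re-probing a new tunnel

# Step 1: ICMP probe, then ssh-keyscan for sites that filter ICMP.
# Test for output rather than trusting ssh-keyscan's exit status alone.
tunnel_up() {
    ping -c 2 -W 3 "$PROBE_HOST" >/dev/null 2>&1 && return 0
    ssh-keyscan -T 5 "$PROBE_HOST" 2>/dev/null | grep -q .
}

# Step 2: clear any stale vpnc process, then bring the tunnel back up.
rebuild_tunnel() {
    vpnc-disconnect >/dev/null 2>&1      # harmless if nothing is running
    vpnc "$VPNC_PROFILE" >/dev/null 2>&1
}

# Prints one of: up, rebuilt, failed, locked.
watchdog() {
    # mkdir is atomic, so overlapping cron runs cannot both rebuild.
    mkdir "$LOCK_DIR" 2>/dev/null || { echo locked; return 0; }
    if tunnel_up; then
        result=up
    elif rebuild_tunnel && sleep "$SETTLE_SECS" && tunnel_up; then
        result=rebuilt
    else
        result=failed
    fi
    rmdir "$LOCK_DIR"
    echo "$result"
    [ "$result" != failed ]
}

# crontab entry (root): */5 * * * * /usr/local/sbin/vpnc-watchdog run
case "${1:-}" in
    run) watchdog ;;
esac
```

The lock lives in a root-owned directory so that an unprivileged user cannot pre-create it and hold the watchdog off, and the profile file it names holds the group secret, so it should be readable by root only.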