I've got a little problem with the lifetime/timeout of IPsec connections. The problem is that the connections don't ever seem to time out. We have set up a Roadwarrior CA connection that works perfectly with the WinXP/2K built-in IPsec functionality. However, when looking at the log files and the VPN Status output, you can see that any connection that has been made so far is still trying to reach its partner, even several days later. Even though there's no real possibility in Windows to properly shut down a connection, I think the system should not try to reestablish the connection forever. I bet this is also taking up some resources - besides cluttering the log file to an extent that makes it almost useless.
That's the current VPN status. The entries date back to connections that were active several days ago and will actually never come back again due to the dynamic IPs.
Code:
000 #6410: "D_VPN_0"[2] 217.185.39.xxx STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 22s
000 #6404: "D_VPN_0"[103] 80.131.16.xxx:4500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 15s
000 #6405: "D_VPN_0"[64] 80.131.20.xxx:4500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 38s
000 #6408: "D_VPN_0"[1] 213.6.249.xxx STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 38s
000 #6409: "D_VPN_0"[3] 80.131.9.xxx STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 38s
000 #6403: "D_VPN_0"[57] 80.131.21.xxx:4500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 18s
000 #6411: "D_VPN_0"[8] 80.131.12.xxx STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 23s
The only possibility I see so far is disabling and re-enabling the connection from the WebAdmin, but that's a rather inconvenient workaround. Can this problem be fixed or is that just how IPsec is supposed to work?
Edit: I forgot to say that it's version 5.014
Thanks,
Sascha
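One way to triage status output like the listing in the post, as an added example that is not part of the original post: it parses the status lines and reports the connection instances sitting in STATE_MAIN_I1 with a pending retransmit. The function names and the third sample line are constructed for illustration, and peers are assumed to be IPv4 as in the post.

```python
import re
from collections import Counter

# Constructed sample in the layout of the status output quoted in the post.
# The first two lines are copied from it; the third (an established SA) is made up.
SAMPLE = """\
000 #6410: "D_VPN_0"[2] 217.185.39.xxx STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 22s
000 #6404: "D_VPN_0"[103] 80.131.16.xxx:4500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 15s
000 #6500: "D_VPN_0"[110] 192.0.2.10:4500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 2500s
"""

# serial, connection name, instance number, peer[:port], state, detail, next event
LINE = re.compile(
    r'^000 #(?P<serial>\d+): "(?P<conn>[^"]+)"\[(?P<instance>\d+)\] '
    r'(?P<peer>\S+) (?P<state>STATE_\w+) \((?P<detail>[^)]*)\); '
    r'(?P<event>EVENT_\w+) in (?P<seconds>\d+)s')

def parse_status(text):
    """Return one dict per state line; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        # The peer column carries ":port" only when one is shown (e.g. :4500).
        host, _, port = e.pop("peer").partition(":")
        e.update(host=host, port=int(port) if port else None,
                 serial=int(e["serial"]), instance=int(e["instance"]),
                 seconds=int(e["seconds"]))
        entries.append(e)
    return entries

def stuck_initiations(entries):
    """Instances where the gateway sent MI1 and is still retransmitting it."""
    return [e for e in entries
            if e["state"] == "STATE_MAIN_I1" and e["event"] == "EVENT_RETRANSMIT"]

def stuck_per_connection(entries):
    """Count of stuck instances per connection name, for a quick overview."""
    return Counter(e["conn"] for e in stuck_initiations(entries))

if __name__ == "__main__":
    parsed = parse_status(SAMPLE)
    for e in stuck_initiations(parsed):
        print(f'#{e["serial"]} {e["conn"]}[{e["instance"]}] {e["host"]} '
              f'retransmit in {e["seconds"]}s')
    print(dict(stuck_per_connection(parsed)))
```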