This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ASC Disconnections - what can be done?

Hi!
I am experiencing problems using Astaro Secure Client. After a period of inactivity by the user, while the Astaro indication light is still green, the link is actually disconnected and can't be reconnected unless the user clicks on disconnect and reconnect in the client software. I have set the inactivity timeout in the client to 3600 seconds and also to 0 to test. On the Astaro gateway (v5.2), I have a Roadwarrior connection with a policy having 18000 seconds for IKE SA Lifetime and 14400 seconds for IPSec SA Lifetime (made it intentionally longer to solve the disconnect problem).
I am using Astaro Secure client version 8.12 Build 24 and Astaro Security Linux version 5.2. The need here is for the user to be always connected (for up to several hours and listening to a chat session that has a support role and has to be online all the time. Problems occur when a disconnect occurs with no alert).
I would like to know what is the best client and gateway setup in order to avoid such diconnections and what needs to be done.
Thanks for any help.
[:S]

This thread was automatically locked due to age.

Parents

0 seb-zrh over 20 years ago

yes. same here with different clients. windows PPPTP stays up for ages, ASC disconnects even within 10 minutes. ASL and ASC both latest versions.

any ideas?

thanks!

seb

logfile:

18.05.2005 11:20:11  NCPIKE-phase2:name(freitag-zh) - connected
18.05.2005 11:47:17  NCPIKE-phase1:name() - incoming connect request.
18.05.2005 11:47:17  RECV_MSG1_MAIN -
18.05.2005 11:47:17  NCPIKE-phase1:name() - error - ATTRIBUTES_NOT_SUPPORTED
18.05.2005 11:47:27  NCPIKE-phase1:name() - incoming connect request.
18.05.2005 11:47:27  RECV_MSG1_MAIN -
18.05.2005 11:47:27  NCPIKE-phase1:name() - error - ATTRIBUTES_NOT_SUPPORTED
18.05.2005 11:47:47  NCPIKE-phase1:name() - incoming connect request.
18.05.2005 11:47:47  RECV_MSG1_MAIN -
18.05.2005 11:47:47  NCPIKE-phase1:name() - error - ATTRIBUTES_NOT_SUPPORTED
18.05.2005 11:48:27  NCPIKE-phase1:name() - incoming connect request.
18.05.2005 11:48:27  RECV_MSG1_MAIN -
18.05.2005 11:48:27  NCPIKE-phase1:name() - error - ATTRIBUTES_NOT_SUPPORTED
18.05.2005 11:48:36  NCPIKE-phase1:name() - incoming connect request.
18.05.2005 11:48:36  RECV_MSG1_MAIN -
18.05.2005 11:48:36  NCPIKE-phase1:name() - error - ATTRIBUTES_NOT_SUPPORTED
18.05.2005 11:48:57  NCPIKE-phase1:name() - incoming connect request.
18.05.2005 11:48:57  RECV_MSG1_MAIN -
18.05.2005 11:48:57  NCPIKE-phase1:name() - error - ATTRIBUTES_NOT_SUPPORTED
18.05.2005 11:49:36  NCPIKE-phase1:name() - incoming connect request.
18.05.2005 11:49:36  RECV_MSG1_MAIN -
18.05.2005 11:49:36  NCPIKE-phase1:name() - error - ATTRIBUTES_NOT_SUPPORTED
18.05.2005 11:49:46  NCPIKE-phase1:name() - incoming connect request.
18.05.2005 11:49:46  RECV_MSG1_MAIN -
18.05.2005 11:49:46  NCPIKE-phase1:name() - error - ATTRIBUTES_NOT_SUPPORTED
18.05.2005 11:50:06  NCPIKE-phase1:name() - incoming connect request.
18.05.2005 11:50:06  RECV_MSG1_MAIN -
18.05.2005 11:50:06  NCPIKE-phase1:name() - error - ATTRIBUTES_NOT_SUPPORTED
18.05.2005 11:51:46  NCPIKE-phase1:name(freitag-zh) - error - Delete indication received
18.05.2005 11:51:46  IPSDIAL  - disconnected from freitag-zh on channel 1.
Cancel
Vote Up 0 Vote Down

Cancel
0 magsa over 20 years ago in reply to seb-zrh

Where do you change this:

I have a Roadwarrior connection with a policy having 18000 seconds for IKE SA Lifetime and 14400 seconds for IPSec SA Lifetime

Thanks in advance
Cancel
Vote Up 0 Vote Down

Cancel
0 Xeno over 20 years ago in reply to magsa

Maybe a wrong policy settings which makes a rekeying fail. I would recommend to use the "User Config Download option" in Webadmin ... Remote Keys to make sure the configuration is correct.
Also you could try to disable Dead Peer Detection. Maybe there is a problem which disconnects the session.

Xeno
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Xeno over 20 years ago in reply to magsa

Maybe a wrong policy settings which makes a rekeying fail. I would recommend to use the "User Config Download option" in Webadmin ... Remote Keys to make sure the configuration is correct.
Also you could try to disable Dead Peer Detection. Maybe there is a problem which disconnects the session.

Xeno
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 magsa over 20 years ago in reply to Xeno

where to disable dpd please?
Cancel
Vote Up 0 Vote Down

Cancel
0 Xeno over 20 years ago in reply to magsa

Webadmin -> IPSec VPN -> Advanced -> Dead Peer Detection

ASC -> Configuration -> Profiles -> IPsec Settings (or similar - don't have the english version installed)

Xeno
Cancel
Vote Up 0 Vote Down

Cancel
0 magsa over 20 years ago in reply to Xeno

Am I getting crazy or I dont find dpd in Webadmin -> IPSec VPN -> Advanced with ASL 5.203????? [:S]
Cancel
Vote Up 0 Vote Down

Cancel
0 Stephan_Scholz over 20 years ago in reply to magsa

Dead Peer Detection is not available in ASL V5. It has only been introduced in V6.

Stephan
Cancel
Vote Up 0 Vote Down

Cancel
0 Xeno over 20 years ago in reply to Stephan_Scholz

Oh, I am sorry, for some reason I thought your are talking about V6.

I will let IPsec VPN (ASC) run over night. Let's see if it will disconnect on my machine, too.

Xeno
Cancel
Vote Up 0 Vote Down

Cancel