[Swan] Decoding IPSEC_RESPONDER_LIFETIME
heiko.helmle at horiba.com
Wed May 20 13:14:18 EEST 2015
Hello list,
I have to communicate to a Cisco peer that seems to disagree on lifetimes
- it sends informational payload IPSEC_RESPONDER_LIFETIME and sometimes
just deletes SAs and then ignores any further attempts to reestablish,
resulting in a stale ISAKMP. That means I have to --down and --up the
connection to force a new Phase 1.
I'm suspecting that the IPSEC_RESPONDER_LIFETIME might contain
information that brings me closer to getting this connection stable -
unfortunately I cannot do anything with the payload:
May 20 12:06:40 millhouse pluto[1584]: | ISAKMP Notification Payload
May 20 12:06:40 millhouse pluto[1584]: | 00 00 00 1c 00 00 00 01 03 04 60 00
How do I interpret those values? Or do I have to enable debug logging to
see what Lifetime the Cisco sends?
And in a related question: My peer seems to have enabled some sort of
inactivity (or idle) timeout. Does LibreSWAN have a similar feature? Or
will auto=ondemand suffice once the SAs have timed out?
Best Regards
Heiko Helmle
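Added example, not part of the original post and not libreswan code: a decoder for the ISAKMP Notification payload layout (RFC 2408 section 3.14) using the IPsec DOI values from RFC 2407. The 12 logged bytes are only the payload header; the SPI and lifetime attributes appended for the second call are constructed sample data, and all function names are hypothetical.

```python
import struct

# Header bytes exactly as logged in the post (12 bytes).
LOGGED_HEADER = bytes.fromhex("0000001c0000000103046000")
# Constructed continuation, NOT from the post: 4-byte SPI, then the attributes
# SA Life Type = 1 (seconds) and SA Life Duration = 3600.
CONSTRUCTED_TAIL = bytes.fromhex("deadbeef" "80010001" "0002000400000e10")

PROTOCOLS = {1: "ISAKMP", 2: "AH", 3: "ESP", 4: "IPCOMP"}
NOTIFY_TYPES = {24576: "RESPONDER-LIFETIME", 24577: "REPLAY-STATUS",
                24578: "INITIAL-CONTACT"}
LIFE_TYPES = {1: "seconds", 2: "kilobytes"}

def parse_attributes(data):
    """Parse ISAKMP data attributes: AF bit set = 2-byte value, clear = TLV."""
    attrs, off = [], 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute header")
        atype, field = struct.unpack_from("!HH", data, off)
        off += 4
        if atype & 0x8000:              # basic attribute: field is the value
            value = field
        else:                           # variable attribute: field is a length
            if off + field > len(data):
                raise ValueError("attribute value runs past payload")
            value = int.from_bytes(data[off:off + field], "big")
            off += field
        attrs.append((atype & 0x7FFF, value))
    return attrs

def decode_notification(buf):
    """Decode a Notification payload; lifetimes is None if the body is missing."""
    if len(buf) < 12:
        raise ValueError("notification header is 12 bytes")
    _next, _rsvd, length, doi, proto, spi_size, ntype = struct.unpack("!BBHIBBH", buf[:12])
    if length < 12 + spi_size:
        raise ValueError("payload length shorter than header plus SPI")
    out = {"length": length, "doi": doi, "protocol": PROTOCOLS.get(proto, proto),
           "spi_size": spi_size, "notify_type": ntype,
           "notify_name": NOTIFY_TYPES.get(ntype, "unknown"), "lifetimes": None}
    if len(buf) < length:               # only the header was captured
        return out
    out["spi"] = buf[12:12 + spi_size].hex()
    unit, out["lifetimes"] = None, []
    for atype, value in parse_attributes(buf[12 + spi_size:length]):
        if atype == 1:                  # SA Life Type qualifies the next duration
            unit = LIFE_TYPES.get(value, value)
        elif atype == 2:                # SA Life Duration
            out["lifetimes"].append((unit, value))
    return out
```

For the logged bytes this gives length 28, DOI 1 (IPsec), protocol ESP, SPI size 4 and notify type 24576 (RESPONDER-LIFETIME), so the lifetime attributes sit in the 16 bytes that follow the header and are not in the quoted log line.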