[strongSwan] windows 7 cannot install eroute

Andreas Steffen andreas.steffen at strongswan.org
Fri Jan 21 11:53:23 CET 2011 

Hi Luca,

with the DPD setting

dpdtimeout=60

it takes strongSwan 60 seconds to find out that the Win7 peer
is dead. Only then the eroute is cleared. If you want to
react quicker then I recommend to decrease dpdtimeout to
20-30 seconds (you are polling every 5 seconds anyway)

Regards

Andreas

On 21.01.2011 11:20, Luca Scamoni wrote:
> I'm using strongswan 4.4.1 on kernel 2.6.18-164.15.1.el5
> clients connect using the following configuration
> 
> conn roadwarrior
>         leftprotoport=17/1701
>         right=%any
>         rightprotoport=17/%any
>         rightsubnet=vhost:%no,%priv
>         keyingtries=3
>         dpdaction=clear
>         dpdtimeout=60
>         dpddelay=5
>         authby=rsasig
>         auto=add
> 
> I'm having problems with windows 7 clients. If connection is terminated
> abruptly (say, disconnecting the cable or closing the connection without
> disconnecting before), further connection attempts from the same IP fail:
> 
> "roadwarrior"[298] <ipaddress>:4500 #10540: cannot install eroute -- it
> is in use for "roadwarrior"[285] <ipaddress>:4500 #0
> 
> the only way to cure this behaviour seems restart....
> 
> is it a known bug? configuration problem? anyone else?
> 
> I browsed the archives but had no luck. anyone pointing me in the right
> direction?
> TIA
> 
> -- 
> 
> /Luca Scamoni
> /
> *Gruppo Partners Associates*
> Tel. Milano +39 02 67380435**- Udine +39 0432 689815 - Roma +39 06 54832300
> Fax Milano +39 02 67386214 - Udine +39 0432 570120 - Roma +39 06 91659273
> Cell. +39 348 0471710
> Email: Luca.Scamoni at GruppoPA.it <mailto:Luca.Scamoni at GruppoPA.it>
> Sito: _www.GruppoPA.it_ <http://www.GruppoPA.it> 
> 
> 
> Prima di stampare, pensa all'ambiente ** Think about the environment
> before printing

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

More information about the Users mailing list