[strongSwan] windows 7 cannot install eroute

Mohit Mehta mohit.mehta at vyatta.com
Fri Jan 21 20:16:09 CET 2011 

Interestingly enough, somebody on Vyatta forums posted an issue with the exact same symptoms today -

http://www.vyatta.org/forum/viewtopic.php?t=5611

Only difference from this thread being strongswan version is 4.3.2 and client is an Android device.

Note that in second post, ipsec connection config does have dpdaction set to a low value of 45 seconds.

Mohit

----- Original Message -----
> Hi Andreas,
> I already tried that but after more than 15 minutes the eroute error
> is still there...
> regards
> 
> Il 21/01/2011 11:53, Andreas Steffen ha scritto:
> 
> Hi Luca,
> 
> with the DPD setting
> 
> dpdtimeout=60
> 
> it takes strongSwan 60 seconds to find out that the Win7 peer
> is dead. Only then the eroute is cleared. If you want to
> react quicker then I recommend to decrease dpdtimeout to
> 20-30 seconds (you are polling every 5 seconds anyway)
> 
> Regards
> 
> Andreas
> 
> On 21.01.2011 11:20, Luca Scamoni wrote:
> 
> I'm using strongswan 4.4.1 on kernel 2.6.18-164.15.1.el5
> clients connect using the following configuration
> 
> conn roadwarrior
> leftprotoport=17/1701 right=%any
> rightprotoport=17/%any rightsubnet=vhost:%no,%priv
> keyingtries=3 dpdaction=clear
> dpdtimeout=60 dpddelay=5
> authby=rsasig auto=add
> 
> I'm having problems with windows 7 clients. If connection is
> terminated abruptly (say, disconnecting the cable or closing the
> connection without
> disconnecting before), further connection attempts from the same IP
> fail:
> 
> "roadwarrior"[298] <ipaddress>:4500 #10540: cannot install eroute --
> it is in use for "roadwarrior"[285] <ipaddress>:4500 #0
> 
> the only way to cure this behaviour seems restart....
> 
> is it a known bug? configuration problem? anyone else?
> 
> I browsed the archives but had no luck. anyone pointing me in the
> right direction?
> TIA
> 
> --
> 
> /Luca Scamoni
> / *Gruppo Partners Associates*
> Tel. Milano +39 02 67380435**- Udine +39 0432 689815 - Roma +39 06
> 54832300 Fax Milano +39 02 67386214 - Udine +39 0432 570120 - Roma +39
> 06 91659273
> Cell. +39 348 0471710
> Email: Luca.Scamoni at GruppoPA.it <mailto:Luca.Scamoni at GruppoPA.it>
> Sito: _www.GruppoPA.it_ <http://www.GruppoPA.it> Prima di stampare,
> pensa all'ambiente ** Think about the environment
> before printing
> ======================================================================
> Andreas Steffen andreas.steffen at strongswan.org strongSwan - the Linux
> VPN Solution! www.strongswan.org Institute for Internet Technologies
> and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
> 
> 
> -- Luca Scamoni
> 
> Luca Scamoni
> 
> Gruppo Partners Associates
> Tel. Milano +39 02 67380435 - Udine +39 0432 689815 - Roma +39 06
> 54832300 Fax Milano +39 02 67386214 - Udine +39 0432 570120 - Roma +39
> 06 91659273
> Cell. +39 348 0471710
> Email: Luca.Scamoni at GruppoPA.it
> Sito: www.GruppoPA.it
> 
> 
> Prima di stampare, pensa all'ambiente ** Think about the environment
> before printing
> _______________________________________________ Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

More information about the Users mailing list