[vpn-help] Netscreen SSG and Wikid two factor disconnects every hour

[Matthew Grooms]

On 3/26/2010 3:47 PM, bryan at bevege.com wrote:
> First of all I love this product! This was one of the last things I
> needed to ditch Windows, now if VMware would just get with the
> program.  Thats another topic.
>
> We are using the shrew vpn client 2.14 linux (ubuntu and fedora core
> 12) and windows 7 to connect to Netscreen SSG 520.  Our setup is
> nearly the same as the guide on the Shrew page accept we are using
> Wikid two factor tokens for authentication and freeradius for IP
> assignments. We can connect with no problems initially.
>
> The problem:
> We get kicked off every hour.  The logs below shows what happens on
> both the firewall and the local linux client.  I haven't logged a
> Windows 7 box but the exact problem exists.
>
> When using the standard Netscreen client (on XP since there is no
> linux or windows 7 client) we stay connected for 12 hrs. before
> getting kicked off by the time limit setting we have set. I've scoured
> the settings on the Netscreen client and do not see anything
> different.  I browsed around the mailing lists but didn't find much
> info on this topic.
>
> Questions:
>
> 1. Does the Shrew VPN client even support Wikid two factor authentication?
> 2. Does the shrew VPN client suppot any other two factor solutions?
> 3. Are there any setting on either the Firewall or the Shrew VPN
> client that may correct this?
>
> Thanks for your help and for a great product.

Hi Bryan,

Unfortunately, the client doesn't allow for user input once the connect 
button has been pressed. I would love to fix this, but it would take a 
non-trivial re-work of how the front end applications communicate with 
the IKE daemon. We plan to do this work before we release 2.2.0 which 
will include unifying the front end code for all platforms ( Windows, 
Linux, BSD and OSX ). Sorry I can't be more help at this time.

-Matthew