[vpn-help] 2.1.5 -> 2.1.6b10 -- Connection silently dies after 5 minutes

Matthew Grooms mgrooms at shrew.net
Thu Jul 8 11:27:21 CDT 2010


On 7/7/2010 8:10 PM, Aaron Sarazan wrote:
> Nope, just left it running and it looks like it timed out a long time
> ago. Looks like it only lasts about 5 minutes, rain or shine.
>
>

Hi Aaron,

Thanks for providing the debug output. For starters I can see why DPD 
isn't working. The peer doesn't advertise DPD support so the client 
doesn't enable it ...

10/07/08 08:19:33 << : vendor id payload
10/07/08 08:19:33 ii : unknown vendor id ( 16 bytes )
10/07/08 08:19:33 0x : 09002689 dfd6b712 80a224de c33b81e5
10/07/08 08:19:33 << : vendor id payload
10/07/08 08:19:33 ii : peer is CISCO UNITY compatible
10/07/08 08:19:33 << : vendor id payload
10/07/08 08:19:33 ii : peer is IPSEC-TOOLS compatible
10/07/08 08:19:33 << : vendor id payload
10/07/08 08:19:33 ii : peer supports nat-t ( draft v02 )
10/07/08 08:19:33 << : nat discovery payload
10/07/08 08:19:33 << : nat discovery payload
10/07/08 08:19:33 << : vendor id payload
10/07/08 08:19:33 ii : unknown vendor id ( 16 bytes )
10/07/08 08:19:33 0x : 3b9031dc e4fcf88b 489a9239 63dd0c49
10/07/08 08:19:33 ii : forcing nat-t to enabled ( rfc )
10/07/08 08:19:33 ii : switching to src nat-t udp port 4500
10/07/08 08:19:33 ii : switching to dst nat-t udp port 4500

It should send a DPDv1 vendor ID as the client does ...

10/07/08 08:19:31 >> : vendor id payload
10/07/08 08:19:31 ii : local supports DPDv1

I don't see anything else out of the ordinary in the client log file. If 
possible, can you send me some output from the gateway side? I'd like to 
see if it logs anything interesting when the communication error occurs.

Thanks,

-Matthew
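
The check described in the message above (the client enables DPD only when the peer also advertises it in a vendor ID payload) can be run over a client debug log. This is an added example, not part of the original message and not Shrew Soft's code; it uses log lines copied from the message as input, and it assumes that a DPD vendor ID is always described by an info line containing "DPD".

```python
import re

# Client debug lines copied from the message above.
LOG = """\
10/07/08 08:19:31 >> : vendor id payload
10/07/08 08:19:31 ii : local supports DPDv1
10/07/08 08:19:33 << : vendor id payload
10/07/08 08:19:33 ii : unknown vendor id ( 16 bytes )
10/07/08 08:19:33 0x : 09002689 dfd6b712 80a224de c33b81e5
10/07/08 08:19:33 << : vendor id payload
10/07/08 08:19:33 ii : peer is CISCO UNITY compatible
10/07/08 08:19:33 << : vendor id payload
10/07/08 08:19:33 ii : peer is IPSEC-TOOLS compatible
10/07/08 08:19:33 << : vendor id payload
10/07/08 08:19:33 ii : peer supports nat-t ( draft v02 )
10/07/08 08:19:33 << : nat discovery payload
"""

# date, time, tag (>> sent, << received, ii info, 0x hex dump), text
LINE = re.compile(r"^\S+ \S+ (<<|>>|ii|0x) : (.*)$")

def vendor_ids(log):
    """Pair each vendor id payload with the info line that describes it."""
    out = {">>": [], "<<": []}
    pending = None   # direction of a payload still waiting for its "ii" line
    unknown = None   # list whose last entry is an unknown ID awaiting its hex
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        tag, text = m.groups()
        if tag in out:
            pending = tag if text == "vendor id payload" else None
            unknown = None
        elif tag == "ii" and pending:
            out[pending].append(text)
            unknown = out[pending] if text.startswith("unknown vendor id") else None
            pending = None
        elif tag == "0x" and unknown:
            unknown[-1] += " " + text.replace(" ", "")  # keep the raw ID for lookup
        else:
            unknown = None
    return {"sent": out[">>"], "received": out["<<"]}

def dpd_status(log):
    """Return (local advertises, peer advertises, DPD enabled).
    Assumption: a DPD vendor ID is described with the string "DPD"."""
    ids = vendor_ids(log)
    local = any("DPD" in d for d in ids["sent"])
    peer = any("DPD" in d for d in ids["received"])
    return local, peer, local and peer
```

For the log in this message, `dpd_status(LOG)` reports that only the local side advertises DPD, and the unknown vendor IDs are returned with their hex so they can be checked against the gateway's documentation.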


