[vpn-help] 2.1.5 -> 2.1.6b10 -- Connection silently dies after 5 minutes

Aaron Sarazan aaron.sarazan at gmail.com
Thu Jul 8 12:57:02 CDT 2010


That's really strange, I've just verified that DPD is enabled on the 
router side (Netgear FVS338), but even my reliable machine doesn't seem 
to enable it. I'll send along some gateway-side log snippets

On 7/8/2010 12:27 PM, Matthew Grooms wrote:
> On 7/7/2010 8:10 PM, Aaron Sarazan wrote:
>> Nope, just left it running and it looks like it timed out a long time
>> ago. Looks like it only lasts about 5 minutes, rain or shine.
>>
>>
>
> Hi Aaron,
>
> Thanks for providing the debug output. For starters I can see why DPD 
> isn't working. The peer doesn't advertise DPD support so the client 
> doesn't enable it ...
>
> 10/07/08 08:19:33 << : vendor id payload
> 10/07/08 08:19:33 ii : unknown vendor id ( 16 bytes )
> 10/07/08 08:19:33 0x : 09002689 dfd6b712 80a224de c33b81e5
> 10/07/08 08:19:33 << : vendor id payload
> 10/07/08 08:19:33 ii : peer is CISCO UNITY compatible
> 10/07/08 08:19:33 << : vendor id payload
> 10/07/08 08:19:33 ii : peer is IPSEC-TOOLS compatible
> 10/07/08 08:19:33 << : vendor id payload
> 10/07/08 08:19:33 ii : peer supports nat-t ( draft v02 )
> 10/07/08 08:19:33 << : nat discovery payload
> 10/07/08 08:19:33 << : nat discovery payload
> 10/07/08 08:19:33 << : vendor id payload
> 10/07/08 08:19:33 ii : unknown vendor id ( 16 bytes )
> 10/07/08 08:19:33 0x : 3b9031dc e4fcf88b 489a9239 63dd0c49
> 10/07/08 08:19:33 ii : forcing nat-t to enabled ( rfc )
> 10/07/08 08:19:33 ii : switching to src nat-t udp port 4500
> 10/07/08 08:19:33 ii : switching to dst nat-t udp port 4500
>
> It should send a DPDv1 vendor ID as the client does ...
>
> 10/07/08 08:19:31 >> : vendor id payload
> 10/07/08 08:19:31 ii : local supports DPDv1
>
> I don't see anything else out of the ordinary in the client log file. 
> If possible, can you send me some output from the gateway side? I'd 
> like to see if it logs anything interesting when the communication 
> error occurs.
>
> Thanks,
>
> -Matthew




More information about the vpn-help mailing list