[vpn-help] Timeouts?

kevin shrew-vpn klmlk at hotmail.com
Wed Jul 28 09:06:49 CDT 2010


On Sun, 11 Jul 2010 02:34:26 -0500
Matthew Grooms <mgrooms at shrew.net> wrote:

> 
> Your best bet is to always use matching lifetime values.
> 

Hi Matthew, thanks for the detailed response.  Matching the lifetimes
has really helped stabilize one of my VPNs.

However, for the other VPN, when Phase 1 expires, the VPN breaks.
Based on info from Shrew and the gateway it looks like some form of
re-authentication is occurring (Shrew seems to re-send PAP).  This
appears to cause the gateway to assign a new virtual adapter IP, but
Shrew does not appear to realize this - at least, the virtual adapter
IP on the client does not change and no reference to a new
configuration appears in the Shrew iked trace.

Is assigning a new IP normal/permitted? Or is this a sign that I haven't
quite got the configs right between the client and gateway?

For what it's worth, the client is only able to connect if it is set to
'ike config pull'.



More information about the vpn-help mailing list