Linux Openswan IPSec tunnel problems
This issue involves a Linux workstation running CentOS 4.4 (2.6.9-42.0.10.EL kernel) and a Fortigate 1000A VPN/firewall.
I am attempting to create a full-time tunnel between the Linux workstation and the Fortigate unit; once the connection has been
successfully negotiated, the Linux box will have access to our internal network resources behind the Fortigate VPN/firewall.
I am using a pre-shared key as well as Xauth for this connection.
When I bring up the tunnel, the terminal requests a user name and password for the Xauth. After I enter the required information,
the tunnel is started and everything then works fine until it is time to rekey... It looks to me as though the negotiation is partially successful.
I believe the PSK is shared again and that the Xauth is the problem.
I can confirm this theory: if I disable the Xauth and simply use a PSK, the connection rekeys and stays open, as desired.
I have read that Linux Xauth connections can/cannot be rekeyed, so I am somewhat confused.
Currently the only solution I see is to run a cron script every 5-6 hours that brings down the tunnel and then
runs an IPSec whack command to reinitiate the tunnel, but this seems a bit crazy.
Here is a copy of /etc/ipsec.conf:
# basic configuration
# plutodebug / klipsdebug = "all", "none" or a combination from below:
# "raw crypt parsing emitting control klips pfkey natt x509 private"
# plutodebug="control parsing"
# Only enable *debug=all if you are a developer
# NAT-TRAVERSAL support, see README.NAT-Traversal
# exclude networks used on server side by adding %v4:!a.b.c.0/24
# OE is now off by default. Uncomment and change to on, to enable.
# which IPsec stack to use. netkey,klips,mast,auto or none
# My connection
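As an added example (not part of the original post, and not Openswan's own tooling), the following script shows how the cron workaround described above can be made less blunt: instead of cycling the tunnel every few hours on a timer, it inspects the output of "ipsec auto --status" and only re-establishes the connection when the IPsec SA is actually gone after a failed rekey. The conn name "myconn" is an assumed placeholder, and the sample status lines are constructed to match the shape of Openswan's status dump (a "STATE_QUICK_I2 ... IPsec SA established" line for an up tunnel).

```shell
#!/bin/sh
# Added example, not code from the original post. Health check for one
# Openswan conn, meant to run from cron. It restarts the conn only when
# no IPsec SA is present, rather than tearing it down on a fixed schedule.
# CONN_NAME is an assumed placeholder; set it to the conn in ipsec.conf.

CONN_NAME="${CONN_NAME:-myconn}"

# Returns 0 if the status text on stdin shows an established IPsec SA for
# the given conn, 1 otherwise. Openswan reports an up tunnel with a line
# containing the quoted conn name, STATE_QUICK_I2 and "IPsec SA established".
sa_established() {
    conn="$1"
    grep "\"$conn\"" | grep "STATE_QUICK_I2" | grep -q "IPsec SA established"
}

# Given a conn name and a status dump, prints "ok" when the IPsec SA is up
# and "restart" when the tunnel has to be renegotiated.
decide_action() {
    conn="$1"
    status="$2"
    if printf '%s\n' "$status" | sa_established "$conn"; then
        echo ok
    else
        echo restart
    fi
}

# Re-establish the tunnel: bring the conn down, then up again. With XAuth
# enabled, "ipsec auto --up" will prompt for the username and password.
restart_tunnel() {
    conn="$1"
    ipsec auto --down "$conn"
    ipsec auto --up "$conn"
}

# Constructed sample status output (not captured from a real system) so the
# decision logic can be exercised without a running pluto daemon.
SAMPLE_UP='000 #2: "myconn":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2900s
000 #1: "myconn":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 1200s'
SAMPLE_DOWN='000 #1: "myconn":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 1200s'

main() {
    status="$(ipsec auto --status 2>/dev/null)" || status=""
    case "$(decide_action "$CONN_NAME" "$status")" in
        ok)      echo "$CONN_NAME: IPsec SA up, nothing to do" ;;
        restart) echo "$CONN_NAME: no IPsec SA, re-establishing"
                 restart_tunnel "$CONN_NAME" ;;
    esac
}

# Only talk to pluto when the ipsec command is actually installed, so the
# functions above can be sourced and exercised on a machine without it.
command -v ipsec >/dev/null 2>&1 && main
```

Run it from cron every few minutes; it is a no-op while the SA is present and only renegotiates after the rekey has actually failed, which also keeps a log line per restart that can be correlated with pluto's log to confirm the XAuth-on-rekey theory.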