Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
620
Views
0
Helpful
2
Replies

Freeswan with VPN Concentrator

ggolding
Level 1
Level 1

‎04-18-2004 10:28 PM

I am trying to get a sustained Lan-to-Lan tunnel between a Linux router running Freeswan & a 3030 concentrator. The tunnel stays up OK for a while but I have noticed that when the IKE timeout comes up & the key renegotiation occurs the 3030 logs a few "Simultaneous logins exceeded for user" messages. I find this a bit odd for a Lan-to-Lan connection. Unfortunatly I don't have access to the 3030 as it is managed by an external party. They recently upgraded it to the latest code.

I do know that the Freeswan does appear to try & create a new IPSec tunnel at renegotiation time before tearing down the old. There is very little configurable at the Linux end, and due to the nature of the customer connection they have very few options there. Does anyone have any suggestions on things to try or places to look?

Thanks.

Labels:
0 Helpful
2 Replies 2

drolemc
Level 6
Level 6

‎04-23-2004 06:22 AM

Your problem seems to be the same as CSCdx80492 'Simultaneous logins exceeded error misleading during external auth'. It could be a cosmetic error only. If things are working fine, you could disregard this message.

0 Helpful

ggolding
Level 1
Level 1
In response to drolemc

‎04-26-2004 01:26 PM

I couldn't locate your referance, but it does appear to be working well now. Part of the problem appeared to also relate to the IKE re-key interval. Freeswan seems to get unstable at anything less than 30 minutes. Setting the interval to 1 hour made a great improvement.

0 Helpful
Customers Also Viewed These Support Documents