This is a problem that has been present since at least 14.04 and has also been noticed on Android.
My Fritz!box modem/router has a built-in VPN server that I like to use, especially because it gives access to my home network.
The system works fine with one annoyance: the connection is dropped after 54 minutes.
The log from the modem shows:
Something cuts the VPN connection at 18:08:13 due to a lifetime expiry.
The connection is according to the modem 1 second later automatically re-established.
At this point I notice on my laptop (or Android) all network traffic is down.
Yet the VPN icon superimposed on the Wi-Fi icon is still visible.
Around five minutes later there will be a notification 'the VPN connection has failed' and normal (non VPN) network access becomes possible.
Typically I would break and re-enable the VPN connection as soon as it goes down and I don't get to the above notification.
There's a discussion on the newsgroup of my provider, initiated by an Android user, and I have thrown in my observations and also logged a ticket with AVM, the modem's manufacturer.
Initially I believed the problem with the IPsec timeout was on the modem's side, but indications (the reconnect at 18:08:14) are that the disconnect happens on the Linux side and Linux does not pick up the fact that the modem has reconnected.
These two links suggest something needs to be changed on the Linux side:
http://forums.juniper.net/t5/SRX-Ser...me/td-p/140937
http://www.vpncasestudy.com/sa.html
What goes wrong is that the IPsec SA (security association) lifetime (phase 2) is set in most clients to 3600 secs or 1 hr, but this modem uses 3240 secs (54 mins), resulting in a timeout.
Apparently this parameter cannot be changed in the modem, so the solution would be to set the timeout on the client side to shorter than 3240 secs.
One of the gurus used the Shrew Soft client in Windows 7 and changed it to 3000 secs and had a working system.
Does anyone here have insight where this parameter can be changed on the Linux side?
PS, if a moderator knows a better place for this question, be my guest and move it.
The log from the modem shows:
------------------
16.05.15 18:11:48 VPN connection to Fritz was established successfully.
16.05.15 18:11:24 VPN connection to Fritz has been cleared. Cause: 3 IKE server
16.05.15 18:08:14 VPN connection to Fritz was established successfully.
16.05.15 18:08:13 VPN connection to Fritz has been cleared. Cause: 1 Lifetime expired
16.05.15 17:14:14 VPN connection to Fritz was established successfully.
-------------------
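Added example, not part of the original post: a short Python script that parses the modem log quoted in the post and measures how long each tunnel lasted before it was cleared. The first session ends 3239 s after it came up, which matches the modem's 3240 s phase 2 lifetime rather than the 3600 s the post gives as the usual client setting. The function names and the 5-second tolerance are assumptions made for this example.

```python
from datetime import datetime

# Modem log lines copied from the post (newest entry first).
MODEM_LOG = """\
16.05.15 18:11:48 VPN connection to Fritz was established successfully.
16.05.15 18:11:24 VPN connection to Fritz has been cleared. Cause: 3 IKE server
16.05.15 18:08:14 VPN connection to Fritz was established successfully.
16.05.15 18:08:13 VPN connection to Fritz has been cleared. Cause: 1 Lifetime expired
16.05.15 17:14:14 VPN connection to Fritz was established successfully.
"""
MODEM_SA_LIFETIME = 3240   # seconds, modem value stated in the post
CLIENT_SA_LIFETIME = 3600  # seconds, usual client value per the post

def parse(log):
    """Return (timestamp, kind, cause) tuples in chronological order."""
    events = []
    for line in filter(str.strip, log.splitlines()):
        date, time, text = line.split(" ", 2)
        when = datetime.strptime(f"{date} {time}", "%d.%m.%y %H:%M:%S")
        if "established" in text:
            events.append((when, "up", None))
        elif "cleared" in text:
            events.append((when, "down", text.partition("Cause: ")[2].strip()))
    return sorted(events, key=lambda e: e[0])

def sessions(events):
    """Pair each 'up' with the next 'down': (start, seconds, cause)."""
    out, start = [], None
    for when, kind, cause in events:
        if kind == "up":
            start = when
        elif start is not None:
            out.append((start, int((when - start).total_seconds()), cause))
            start = None
    return out

def lifetime_mismatches(log, tolerance=5):
    """Sessions the modem cleared at its own SA lifetime, with the number
    of seconds the client's longer lifetime still had left to run.
    tolerance (seconds) is an assumed allowance for log rounding."""
    return [
        (start, secs, CLIENT_SA_LIFETIME - secs)
        for start, secs, cause in sessions(parse(log))
        if "Lifetime expired" in cause
        and abs(secs - MODEM_SA_LIFETIME) <= tolerance
    ]

if __name__ == "__main__":
    for start, secs, cause in sessions(parse(MODEM_LOG)):
        print(f"{start:%H:%M:%S} lasted {secs:5d} s, cleared: {cause}")
    print("lifetime mismatches:", lifetime_mismatches(MODEM_LOG))
```

The second session in the log lasts only 190 s and is cleared with cause "3 IKE server", so it is not reported as a lifetime mismatch.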