[Users] "no connection authorized"?

I'm trying to a machine with a Real IP to an NATed host, and have successfully done so - connecting the NATed machine to two separate hosts. However, after establishing the initial connection, it will last at most one day before dying. When I attempt to reconnect, I would get the following messages (given below) repeated over and over in the logs.

Surely by reconnecting both sides should make an attempt to re-authorize the machines, so I shouldn't be getting such a message? I'm not sure what is the cause of this.

I have tried variations of rekeymargin, keylife, and ikelifetime in the ipsec.conf file - but changing ikelifetime has only allowed the connection to stay up for 24 hours as opposed to the default 8. However, I thought it should renegotiate a key before this expires anyway. (i've tried changing rekeymargin too).

Should I lower the lifetime values? I'm not sure what is the problem here.

Any help would be appreciated.

Thanks,

Terence Parker

Mar 3 08:01:10 [pluto] packet from 67.120.114.18:113: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Mar 3 08:01:10 [pluto] packet from 67.120.114.18:113: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Mar 3 08:01:10 [pluto] packet from 67.120.114.18:113: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 3 08:01:10 [pluto] packet from 67.120.114.18:113: initial Main Mode message received on 202.64.84.144:500 but no connection has been authorized Mar 3 08:01:31 [pluto] packet from 67.120.114.18:113: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Mar 3 08:01:31 [pluto] packet from 67.120.114.18:113: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Mar 3 08:01:31 [pluto] packet from 67.120.114.18:113: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 3 08:01:31 [pluto] packet from 67.120.114.18:113: initial Main Mode message received on 202.64.84.144:500 but no connection has been authorized

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek