[mweber88]

I have successfully installed DDWRT build 13064 onto my WRT310n and configured it to connect to the Cisco router at my office. Then, I have connected my IP phone to the WRT310n and voila, I have my office phone and network 350 miles away.

The problem is that the vpnc loses connection, and then pings fail and the disconnect/reconnect in the script takes over and the connection resumes. This happens every hour on the clock. I have been sitting here watching my phone for several hours and right at 19 past the hour, I lose computer connection to my office and the phone reboots.

I have the dead peer detection command line setting in the startup script still in there, but hourly, this thing goes dead. This is getting to be a big problem as I kept dropping client phone calls after each hour today, then had to redial the client.

I've SSH'd into the router and tried to view options, version or help for vpnc, but apparently the compiled vpnc code is REALLY light and all that has been left out.

Any help would be GREATLY appreciated!

Mike

[mweber88]

Any ideas? Anybody?

[phuzi0n]

Check you WAN status page to see if a DHCP lease renewal coincides with your disconnection. If it does then see the link below for a command to add to your firewall script and add a reply to the ticket.

http://svn.dd-wrt.com:8000/dd-wrt/ticket/973

[mweber88]

[phuzi0n]

Check the source yourself.

http://svn.dd-wrt.com:8000/dd-wrt/browser/src/router/vpnc

[alain]

If your disconnect is not caused by a dhcp renew, maybe rekeying fails.
Can you check what your rekeying interval is?
Does the same problem also occur when using vpnc on your computer? (under linux, using cygwin also possible under windows)

Greetings,
Alain

[mweber88]

[mweber88]

I have built the Linux VM, installed vpnc, configured, and it is currently connected. I am running ping on a 30-second interval to ping the router at the other end. I will look to see when and if it quits around 1 hour into the pinging, and then I will post my findings.

Thanks!

Mike

[mweber88]

After allowing it to run for a little over an hour on my Linux machine, with a 30-second interval between pings, it stopped after 117 pings (and I started pinging a little late).

The vpnc version installed on my Linux machine is 0.5.3, which appears to be the same that is in dd-wrt.

So, it does appear to be a problem in vpnc. Your thoughts?

Thanks!

Mike

[alain]

Ok, so your problem is not dd-wrt related.
Try to run vpnc on your pc (vmware image) with
vpnc --debug 2 --no-detach <configfile>

pls post the output you get.

[mweber88]

[alain]

Hmm, is this all you get?
Because I cant even see that anything goes wrong...
Is this the log from your router or linux pc?

[mweber88]

That was on the PC, running exactly the command that you specified.

I know WHERE in that output that something went wrong, even though it doesn't look like anything went wrong. It happens during the S7.1-S7.8 lines. Maybe it's something with the version of Linux that I'm using (CentOS 5.3)?

I'll check the kernel version and run it again, and post that as well.

[mweber88]

The VPNC version is 0.5.3, and the kernel version is 2.6.18-128.el5

I've captured everything now, and am including it in a file attachment. Hopefully this will have more of what you need.

What I did notice at first inspection is that when the tunnel was first setup, VPNC did something (S7.9) which was not done the second time around (after it came close to the 3600 second limit). Is this possibly what is going wrong?

This thing had me beating my head against the wall all day today as it's really causing me grief! I was hoping that I could determine the problem and address it in the dd-wrt start script, but I realize that it's not that the bridge to the tunnel disappears, but rather that the tunnel itself cannot (or does not) pass data. The bridge to the tunnel is irrelevant, because if the bridging is not done, the router itself can still ping, and it's this router's ability to ping that fails after close to one hour. But I'm going to go out on a limb and guess that it is somehow due to the re-keying of the connection when it's close to expiration.

As always, your thoughts and input are greatly appreciated!

Michael

[skarface]