So lowering the keylife / ikelifetime didn't solve the problem. I've enabled debugging and I'll see what it says. Unfortunately we can't (easily) upgrade CentOS, do you believe that would make a huge difference though? Are the newer versions of OpenSwan *that *much more reliable? On 10 February 2016 at 04:58, Eero Volotinen <eero.volotinen at iki.fi> wrote: > Centos 5 is also a bit old os. Is it possible to use newer version? (like > centos 7 or centos 6?) > > Eero > > 2016-02-09 19:52 GMT+02:00 Gordon Messmer <gordon.messmer at gmail.com>: > > > On 02/09/2016 07:04 AM, John Cenile wrote: > > > >> does anyone have any suggestions on what the problem might be? > >> > > > > Not off the top of my head, but if I were you, I'd enable debugging of > > "control" and "dpd". See man ipsec.conf (/plutodebug) and man > ipsec_pluto. > > > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org > > https://lists.centos.org/mailman/listinfo/centos > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >