Hi to all,
Iv got some trouble with my certifcate based VPN client access. It works
for several days but then the VPN connection will fail until the
Bordermanager Server is rebooted. Such a failed connection is recorded in
IKE.LOG like this (note: IP addresses are replaced by xx.xx.xx.xx!):

>>>>>>>>>>>>

***Receive Main Mode message from 217.229.5.87

I-COOKIE=D7B7885FF942A67B,R-COOKIE=0000000000000000,MsgID=0,1stPL=SA-PAYLOAD,state=-841248180

Start IKE-SA C1E0ED40 - Responder,src=xx.xx.xx.xx,dst=xx.xx.xx.xx,TotSA=18

IKE SA NEGOTIATION: Peer lifetime = 28800 My lifetime=28800

****DH private exponent size is 1016****

Local server's interfaces : xx.xx.xx.xx
Local server's interfaces : xx.xx.xx.xx

Local server's interfaces : xx.xx.xx.xx

Local server's interfaces : xx.xx.xx.xx
Recieved Supported Vendor id Novell Border Manager VPN 4.0 client -
Protected Net from xx.xx.xx.xx
Recieved Supported Vendor id draft-ietf-ipsec-nat-t-ike-03 from
xx.xx.xx.xx
***Send Main Mode message to xx.xx.xx.xx

I-COOKIE=D7B7885FF942A67B,R-COOKIE=9B69DA66D99E909E,MsgID=0,1stPL=SA-PAYLOAD,state=-841248180

***Receive Main Mode message from xx.xx.xx.xx

I-COOKIE=D7B7885FF942A67B,R-COOKIE=9B69DA66D99E909E,MsgID=0,1stPL=KEY-PAYLOAD,state=-841248128

There is NAT in between server and client

info: sending certificate request payload is disabled

***Send Main Mode message to xx.xx.xx.xx
I-COOKIE=D7B7885FF942A67B,R-COOKIE=9B69DA66D99E909E,MsgID=0,1stPL=KEY-PAYLOAD,state=-841248128

***Receive Main Mode message from xx.xx.xx.xx
I-COOKIE=D7B7885FF942A67B,R-COOKIE=9B69DA66D99E909E,MsgID=0,1stPL=ID-PAYLOAD,state=-841248116

Recieved MM ID payload type 9 protocol 0 portnum 0 length 57

Recieved notify message type 24578 from xx.xx.xx.xx
sending notify message type 51 to xx.xx.xx.xx
***Send Unacknowledge Informational message to xx.xx.xx.xx
I-COOKIE=D7B7885FF942A67B,R-COOKIE=9B69DA66D99E909E,MsgID=99B31B6A,1stPL=HASH-PAYLOAD,state=-841248068

Failed to create IKE-SA - Peer's certificate date is invalid , dst =
xx.xx.xx.xx
IKE-SA C1E0ED40 is Deleted,I-COOKIE=D7B7885F,R-COOKIE=9B69DA66,dst=xx.xx.xx.xx
State:2 Cond:4 TimerEvent:1

lifetime :28800 sec Rekey Time :0 sec

Created at :0 sec Remaining life time :-1188427 sec Current time
1217227
The client xx.xx.xx.xx removed from vpninf

>>>>>>>>>>>>


A stopvpn/startvpn does not resolve the issue; only a server reboot
temporarely helps.

The software versions: NetWare 5.1 SP7, eDirectory 8.7.3.2, BM3.8 SP2A, VPN
Client 3.8.7.

I would be grateful for any hints.

Best regards
Malte Scholtz