Bugzilla – Bug 134480
vpnc does not support rekeying
Last modified: 2008-01-15 09:54:12 UTC
Every so often my network stops working if I'm using VPN. sys log says:
Nov 18 16:11:06 knight syslog-ng[2690]: STATS: dropped 0
Nov 18 16:24:48 knight vpnc[23401]: unknown spi 0
Nov 18 16:24:48 knight vpnc[23401]: unknown spi from 130.57.170.98
Nov 18 16:24:56 knight vpnc[23401]: unknown spi 0
Nov 18 16:24:56 knight vpnc[23401]: unknown spi from 130.57.170.98
Nov 18 16:25:04 knight vpnc[23401]: unknown spi 0
Nov 18 16:25:04 knight vpnc[23401]: unknown spi from 130.57.170.98
Nov 18 16:25:12 knight vpnc[23401]: unknown spi 0
Nov 18 16:25:12 knight vpnc[23401]: unknown spi from 130.57.170.98
Nov 18 16:25:18 knight vpnc[23401]: unknown spi 0
Nov 18 16:25:18 knight vpnc[23401]: unknown spi from 130.57.170.98
Nov 18 16:25:18 knight vpnc[23401]: unknown spi 0
Nov 18 16:25:18 knight vpnc[23401]: unknown spi from 130.57.170.98
Nov 18 16:25:18 knight vpnc[23401]: unknown spi 0
Nov 18 16:25:18 knight vpnc[23401]: unknown spi from 130.57.170.98
Nov 18 16:25:18 knight vpnc[23401]: unknown spi 0
Nov 18 16:25:18 knight vpnc[23401]: unknown spi from 130.57.170.98
Nov 18 16:25:20 knight vpnc[23401]: unknown spi 0
Nov 18 16:25:20 knight vpnc[23401]: unknown spi from 130.57.170.98
Nov 18 16:25:20 knight vpnc[23401]: unknown spi 0
Nov 18 16:25:20 knight vpnc[23401]: unknown spi from 130.57.170.98
Nov 18 16:25:27 knight dhclient: DHCPREQUEST on eth0 to 192.168.1.1 port 67
Nov 18 16:25:27 knight dhclient: DHCPACK from 192.168.1.1
Nov 18 16:25:27 knight NetworkManager: <information> DHCP daemon state now 3 for interface eth0
Name lookups fail and my network goes dead
Alright, I have spent some time investigating this bug. It is caused by a Cisco VPN feature called "rekeying" where every 6-9 hours the VPN and client basically negotiate a new key and reestablish the connection. Unfortunately, vpnc, the Cisco VPN client backend that NM uses, does not support rekeying. The feature is on their TODO list but does not have an ETA.
Can we at least recognize this condition and bring down the tun0 interface gracefully and remove the lock emblem from the nm-applet tray icon?
Not right now, no. You'd think vpnc would handle that (maybe it is nontrivial to detect, or the client's responsibility?) but I will investigate to see if that is possible.
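One way an external monitor could recognize the condition discussed above from syslog alone, as an added example that is not part of the original thread and is not vpnc or NetworkManager code. The threshold, the window and the year passed in are assumptions; the sample lines are an excerpt of the log in the report.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Matches the vpnc message that names the peer; "unknown spi 0" lines do not match.
SPI_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s"
    r"vpnc\[(?P<pid>\d+)\]:\sunknown spi from (?P<peer>\S+)$"
)

# Excerpt of the syslog quoted in the report (one line per message).
SAMPLE = """\
Nov 18 16:24:48 knight vpnc[23401]: unknown spi 0
Nov 18 16:24:48 knight vpnc[23401]: unknown spi from 130.57.170.98
Nov 18 16:24:56 knight vpnc[23401]: unknown spi from 130.57.170.98
Nov 18 16:25:04 knight vpnc[23401]: unknown spi from 130.57.170.98
Nov 18 16:25:12 knight vpnc[23401]: unknown spi from 130.57.170.98
Nov 18 16:25:18 knight vpnc[23401]: unknown spi from 130.57.170.98
Nov 18 16:25:20 knight vpnc[23401]: unknown spi from 130.57.170.98
Nov 18 16:25:27 knight dhclient: DHCPACK from 192.168.1.1
""".splitlines()

def detect_stale_tunnel(lines, year, threshold=5, window=timedelta(seconds=60)):
    """Return one (pid, peer, time) alert per vpnc process that logged
    `threshold` "unknown spi from" messages within `window`.
    threshold and window are assumed values, not vpnc settings."""
    recent = {}      # (pid, peer) -> timestamps still inside the window
    alerted = set()  # report each (pid, peer) only once
    alerts = []
    for line in lines:
        m = SPI_RE.match(line.strip())
        if not m:
            continue
        # Classic syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (int(m["pid"]), m["peer"])
        q = recent.setdefault(key, deque())
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append((key[0], key[1], ts))
    return alerts

if __name__ == "__main__":
    for pid, peer, when in detect_stale_tunnel(SAMPLE, year=2005):  # year assumed
        print(f"vpnc[{pid}]: tunnel to {peer} looks stale since {when}")
```

What to do on an alert (for example, tearing down tun0 and updating the applet state) is left to the caller.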
Lars: Can you provide a comment here? Should I assign this to you?
I can't add anything more than Robert did in comment #1. But I have a contact to the maintainer of vpnc. If this is required to work we might ask him to implement it for us as contract work. Michael: No further action required from your side.
I assign this to Lars now - as the maintainer he should decide about this.
JP: How important is "rekeying" for the desktop product?
mgross: Thank you for reassigning. Good idea. Lars: I cannot speak for JP, but rekeying support is important because without it, the VPN connection dies every 7~8 hours with notification. This makes the user experience rather annoying.
Yes, it is reasonably important.
I don't have the knowledge, nor even the time, to develop this. Therefore I reassign the bug to Pete as the desktop product manager. Pete: Who might have a cost center to finance the rekeying feature?
Have a look at http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2006-March/000864.html
Let's bump this to SUSE 10.2 and get it in. I have a patch. ;-) Who maintains the package, lmuelle?
Created attachment 93186 [details] support vpnc rekeying
Lars maintains it. I'd like to see this for SLE SP1 as well.
Gary, let's get this into SP1 (or sooner).
Before I file a new bug, I wanted to check here first: I use kvpnc with vpnc 0.3.3 on 10.1. The kvpnc and vpnc versions are the same in 10.2 alpha 5, yet I get disconnected every minute. The cisco-client works, so it has to be a client issue. Since kvpnc and vpnc are the same version in both systems, could this patch be the cause, or is it not part of alpha 5? I'll try to copy my kvpnc config from 10.1 and test, but if it happens with that old config, I think it's this patch. If not, the bug has to be in kvpnc generating the new config.
*** Bug 201664 has been marked as a duplicate of this bug. ***
As of vpnc 0.4.0, rekeying is being supported. The openSUSE 10.3 could use the bump to the newer vpnc version.
Just wanted to report this. Why is http://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-0.4.0.tar.gz not included in factory? Factory still has vpnc 0.3.3 from 2005!
Lars, can we get vpnc updated to the new version for 10.3 before feature freeze?
Somehow this bug seems to be lost. Giving NEEDINFO to Lars to see what can be done. "vpnc-0.5.1.tar.gz Mon Sep 10 23:16:41 CEST 2007" is the current version! Probably the Product and Version should be updated and we could target openSUSE 11.
removing useless info provider on assignee
For anybody still waiting for the package to be updated, I want to mention here that a recent version of vpnc can be retrieved here: http://download.opensuse.org/repositories/home:/dannori/ This version allows me to be connected more than 1 hour, great! Lars, if you are not responsible for this anymore, please assign it to the appropriate person!
I've updated the vpnc to version 0.5.1 as suggested in comment #21.
Did you submit this to /work/src/done/SLES1-SP2? If not, could you submit it there as well?
Submitted to SLES10-SP2 too as requested by comment #26.