<div dir="ltr">I have dpd enabled.<div><br></div><div><div> dpdaction=restart</div><div> dpddelay=10s</div><div> dpdtimeout=60s</div></div><div><br></div><div style>The issue is that when I connect, after a certain period without any traffic, from servers hosted behind peer to a web service behind strongswan, it doesn't connect. I have to keep trying for some time before it connects to the web service. Peer is a fortigate box and this is a site-to-site VPN tunnel. I've attached the log. After looking into the log, can someone tell me if it's the peer that's taking time to bring up the tunnel or is it strongswan? I see below in the log. Does it mean the peer is not responding? I don't have control over the peer vpn (fortigate).</div>
<div style><br></div><div style><div><br></div><div><div>Apr 4 16:13:51 vpn01pp charon: 12[IKE] sending DPD request</div><div>Apr 4 16:14:01 vpn01pp charon: 13[IKE] sending DPD request</div><div>Apr 4 16:14:11 vpn01pp charon: 01[IKE] sending DPD request</div>
<div>Apr 4 16:14:21 vpn01pp charon: 12[IKE] sending DPD request</div><div>Apr 4 16:14:31 vpn01pp charon: 14[IKE] sending DPD request</div><div>Apr 4 16:14:41 vpn01pp charon: 15[IKE] sending DPD request</div><div>Apr 4 16:14:51 vpn01pp charon: 02[JOB] DPD check timed out, enforcing DPD action </div>
<div>Apr 4 16:14:51 vpn01pp charon: 02[IKE] unable to reauthenticate IKE_SA, no CHILD_SA to recreate</div></div><div><br></div><div style>Thanks in advance.</div><div style><br></div><div style>Regards,</div><div style>Arun G Nair</div>
</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Apr 4, 2013 at 11:12 PM, Justin Cinkelj <span dir="ltr">&lt;<a href="mailto:justin.cinkelj@xlab.si" target="_blank">justin.cinkelj@xlab.si</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
dpdaction, dpddelay and dpdtimeout are three relevant parameters.<br>
With DPD enabled, a packet is sent every dpddelay seconds (when there
is no normal traffic).<br>
With these three settings, client did auto reconnect if server exited
normally (or if server was killed with SIGHUP).<br>
<br>
But if server process was 'kill -9'-ed, things didn't work as
expected (connection might come back, but only temporarily).<br>
Server was strongswan 4.6.4, client 4.5.2 and IKEv2 was used.<br>
<br>
I'm interested how this will work for you, and what will be your
final configuration.<br>
<br>
Bye Justin<div><div class="h5"><br>
<br>
<div>On 04/04/2013 04:13 PM, Arun G Nair
wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="h5">
<div dir="ltr">Hi,
<div><br>
</div>
<div> What can I do on strongswan to keep a tunnel alive even
if there's no traffic flowing? I've dpdaction set to restart.
What else can be done?</div>
<div><br>
</div>
<div>Regards,<br>
<div><br>
</div>
-- <br>
::: Keep Smiling :::
</div>
</div>
<br>
<br>
</div></div><pre>_______________________________________________
Users mailing list
<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>
<a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a></pre>
</blockquote>
<br>
</div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>::: Keep Smiling :::
</div>
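<div>The log excerpt in the message above can be checked against the configured dpddelay and dpdtimeout. This is an added example, not part of the original thread and not strongSwan code: the function names are hypothetical, the sample input is the log lines quoted above, and it assumes that the DPD requests directly preceding a timeout line are the unanswered ones.</div>

```python
import re
from datetime import datetime

# Constructed sample input: the charon lines quoted in the message above.
SAMPLE_LOG = """\
Apr 4 16:13:51 vpn01pp charon: 12[IKE] sending DPD request
Apr 4 16:14:01 vpn01pp charon: 13[IKE] sending DPD request
Apr 4 16:14:11 vpn01pp charon: 01[IKE] sending DPD request
Apr 4 16:14:21 vpn01pp charon: 12[IKE] sending DPD request
Apr 4 16:14:31 vpn01pp charon: 14[IKE] sending DPD request
Apr 4 16:14:41 vpn01pp charon: 15[IKE] sending DPD request
Apr 4 16:14:51 vpn01pp charon: 02[JOB] DPD check timed out, enforcing DPD action
Apr 4 16:14:51 vpn01pp charon: 02[IKE] unable to reauthenticate IKE_SA, no CHILD_SA to recreate
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ charon: \d+\[\w+\] (.*?)\s*$")


def dpd_timeouts(log_text, year=2013):
    """Return one record per 'DPD check timed out' line.

    Assumption: the DPD requests directly preceding a timeout line are the
    unanswered probes; any other charon line ends that run.
    """
    events, run = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a charon syslog line
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if msg == "sending DPD request":
            run.append(when)
        elif msg.startswith("DPD check timed out"):
            if run:
                gaps = [int((b - a).total_seconds()) for a, b in zip(run, run[1:])]
                events.append({"probes": len(run), "gaps": gaps,
                               "waited": int((when - run[0]).total_seconds())})
            run = []
        else:
            run = []
    return events


def matches_config(event, dpddelay, dpdtimeout, slack=1):
    """True if probe spacing and total wait agree with the config (syslog has 1 s resolution)."""
    return (all(abs(g - dpddelay) <= slack for g in event["gaps"])
            and abs(event["waited"] - dpdtimeout) <= slack)
```

<div>On the quoted lines, dpd_timeouts(SAMPLE_LOG) reports six requests spaced 10 seconds apart and 60 seconds from the first request to the timeout, which agrees with dpddelay=10s and dpdtimeout=60s.</div>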