<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.emailquote, li.emailquote, div.emailquote
{mso-style-name:emailquote;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:1.0pt;
border:none;
padding:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.xmsonormal, li.xmsonormal, div.xmsonormal
{mso-style-name:x_msonormal;
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Hi,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Thanks a lot for the reply. It worked. I see the dpd triggering now.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">I am working on a case when dpd from strongswan sends the nat detection payloads.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">I wanted to know upon which conditions strongswan would send dpd request with nat_detection_src_ip and nat_detection_dst_ip.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Is it done only in specific case like when strongswan is behind the nat ? and strongswan is in remote-access-client ?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">kalyani<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> bls s [mailto:blscl@outlook.com]
<br>
<b>Sent:</b> Friday, January 12, 2018 6:40 AM<br>
<b>To:</b> Kalyani Garigipati (kagarigi) <kagarigi@cisco.com>; users@lists.strongswan.org<br>
<b>Subject:</b> RE: [strongSwan] dpd not getting triggered<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="xmsonormal">By default dpdaction=none, which disables sending dpd messages.
<o:p></o:p></p>
<p class="xmsonormal"> <o:p></o:p></p>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="xmsonormal"><b>From: </b><a href="mailto:kagarigi@cisco.com">Kalyani Garigipati (kagarigi)</a><br>
<b>Sent: </b>Thursday, January 11, 2018 10:47 AM<br>
<b>To: </b><a href="mailto:users@lists.strongswan.org">users@lists.strongswan.org</a><br>
<b>Subject: </b>[strongSwan] dpd not getting triggered<o:p></o:p></p>
</div>
<p class="xmsonormal"> <o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:11.0pt">Hi,<br>
<br>
I am using strongswan version 5.6.1<br>
I found that even though I configured dpd using dpddelay and dpdtimeout, dpd is not getting triggered from strongswan client at all even though there is no traffic passing.<br>
Please let me know how to debug this.<br>
<br>
<br>
config setup<br>
charondebug=all<br>
# crlcheckinterval=600<br>
# strictcrlpolicy=yes<br>
# cachecrls=yes<br>
# nat_traversal=yes<br>
# charonstart=no<br>
<br>
conn %default<br>
ikelifetime=100m<br>
keylife=20m<br>
rekeymargin=8m<br>
keyingtries=1<br>
authby=psk<br>
keyexchange=ikev2<br>
ike=aes256-sha256-modp1024<br>
esp=3des-sha1<br>
mobike=yes<br>
dpddelay=5s<br>
dpdtimeout=150s<br>
<br>
# Add connections here.<br>
<br>
# Add connections here.<br>
conn net-net<br>
left=10.127.47.104<br>
leftsubnet=10.127.47.104/32<br>
leftid=10.127.47.104<br>
right=10.104.108.110<br>
rightsubnet=10.104.108.110/32<br>
rightid=10.104.108.110<br>
auto=start<br>
<br>
~<br>
Regards,<br>
kalyani<o:p></o:p></span></p>
</div>
</div>
</body>
</html>