[strongSwan] Potential bug in DPD implementation?

Andreas Steffen andreas.steffen at strongswan.org
Thu Jul 8 18:11:31 CEST 2010


Hi Julian,

the ipsec output on your link doesn't show any active connections

   newest ISAKMP SA: #0; newest IPsec SA: #0;

but just the connection definition itself. So please don't go
around shouting that DPD is broken. IP address update via DNS
lookup is not a built-in feature of the standard pluto daemon.
Thus either Vyatta added some special functionality or it is
done via periodically invoking the ipsec update command which
reloads the configuration.

Regards

Andreas


On 08.07.2010 17:42, Julian Pawlowski wrote:
> Hi folks,
> 
> I'm currently experiencing some buggy behavior with strongSwan on a
> Vyatta VC6 box...
> 
> ipsec --version
> Linux strongSwan U4.3.2/K2.6.31-1-586-vyatta
> 
> I already have a running discussion open in the Vyatta support board
> and I was wondering if I might refer you to this directly:
> 
> "S2S VPN with dynamic peer not being up after IP change"
> http://www.vyatta.org/forum/viewtopic.php?p=50421#50421
> 
> According to my analysis, it seems that after the dead peer was
> detected the tunnels are not cleaned up correctly, as I can still see
> them in the output of "ipsec status". However, the logfile says that the
> connection has been cleared...
> It might also be that the Pluto daemon is ignoring the TTL from DNS
> records, as the updated A record for my dyndns address is not known to
> the pluto daemon until a manually forced tunnel cleanup... :-/
> 
> I'd highly appreciate anybody's feedback and support in this case,
> thank you in advance!
> 
> 
> Best regards from Munich
> Julian

-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
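
The "newest ISAKMP SA: #0; newest IPsec SA: #0;" line quoted in the reply can be checked mechanically to tell a loaded connection definition from a negotiated tunnel. The script below is an added example, not part of the original thread or of strongSwan. It assumes pluto prints one such line per connection, prefixed with the quoted connection name; the sample output and connection names are constructed.

```shell
#!/bin/sh
# Classify pluto connections from `ipsec status` text read on stdin.
# Assumption: "#0" in the "newest ... SA" line means no such SA exists.
# Output: one "<name> <state>" line per connection, where state is
#   defined-only  definition loaded, nothing negotiated
#   ike-only      ISAKMP SA present, no IPsec SA
#   ipsec-up      an IPsec SA is present
sa_state() {
    awk '
    # Return the SA serial number that follows "newest <label> SA: #".
    function sa_num(line, label,    s) {
        if (!match(line, "newest " label " SA: #[0-9]+")) return 0
        s = substr(line, RSTART, RLENGTH)
        sub(/.*#/, "", s)
        return s + 0
    }
    /newest ISAKMP SA: #[0-9]+; newest IPsec SA: #[0-9]+;/ {
        # Connection name is the first double-quoted field, if any.
        name = "-"
        if (match($0, /"[^"]+"/)) name = substr($0, RSTART + 1, RLENGTH - 2)
        ike = sa_num($0, "ISAKMP"); esp = sa_num($0, "IPsec")
        if (esp > 0)      state = "ipsec-up"
        else if (ike > 0) state = "ike-only"
        else              state = "defined-only"
        print name, state
    }'
}

# Constructed sample input (not captured from a real gateway).
sample_status() {
cat <<'EOF'
000 "peer-dyn.example.net-tunnel-1": constructed definition line, ignored by the parser
000 "peer-dyn.example.net-tunnel-1":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "site-b":   newest ISAKMP SA: #5; newest IPsec SA: #6;
000 "site-c":   newest ISAKMP SA: #7; newest IPsec SA: #0;
EOF
}

sample_status | sa_state
```

On a live gateway the input would come from `ipsec status | sa_state`; a connection reported as `defined-only` has no tunnel for DPD to act on.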
