[strongSwan] DPD
Eduardo M. Torres
Eduardo.Torres at alcatel-lucent.com
Wed May 19 15:49:43 CEST 2010
Hi all,
I have the following question regarding DPD. I see that the IKE_SA
changes its state to DESTROYING and StrongSwan gives up after the fifth
retry when dpdaction is set to restart.
Is there any parameter in StrongSwan to increase the number of retries,
or is this value hardcoded?
Any help is appreciated
Thanks
Eduardo M. Torres
Below is an example of the ipsec.conf
conn %default
    auth=esp
    dpdaction=restart
    dpddelay=10s
    forceencaps=no
    ikelifetime=60s
    installpolicy=yes
    keyexchange=ikev2
    keyingtries=%forever
    keylife=50s
    mobike=no
    pfs=yes
    reauth=no
    rekey=no
    rekeymargin=20s
    rekeyfuzz=10%
    type=tunnel
    leftauth=psk
    rightauth=psk

conn 1
    right=135.112.41.43
    left=135.185.91.86
    leftsubnet=192.168.1.1/32
    rightsubnet=0.0.0.0/0
    esp=aes256-sha1-modp1024,aes256-md5-modp1024,aes256-aesxcbc-modp1024,3des-sha1-modp1024,3des-md5-modp1024,3des-aesxcbc-modp1024!
    ike=aes128-sha-modp1024,3des-sha-modp1024!
    leftprotoport=132
    auto=add