[strongSwan] DPD enabled and tunnel dying
Carlos Xavier
cbastos at connection.com.br
Fri Nov 12 13:38:12 CET 2010
Hi.
I got DPD configured on a tunnel; both gateways have it enabled. On my side I set
dpdaction=restart
If I manually set the tunnel down, with ipsec down <conn_name>, after a few seconds it comes up
again.
But we have noticed a strange behavior: if there is a network outage, like the last one that took
about one hour, when the connection is reestablished, the tunnel does not come up again. We waited
about 15 minutes and nothing. I had to issue the command ipsec up <conn_name> to get the tunnel up
again.
This is the connection configuration:
conn client_card_trans
    left=XXX.160.208.130
    leftsubnet=172.31.0.0/24
    leftid=XXX.160.208.130
    right=XXX.7.199.162
    rightsubnet=XXX.7.197.253/32
    rightid=XXX.7.199.162
    dpdaction=restart
    keyexchange=ikev1
    ike=aes256-sha1-modp1024
    esp=3des-md5
    pfsgroup=modp1024
    authby=secret
    auto=start
Am I missing some point?
Regards
Carlos.