[strongSwan] strongSwan DPD Notification messages (RFC3706)

Petar Tsankov petar.tsankov at gmail.com
Wed Aug 17 17:11:54 CEST 2011


I am running some tests on strongSwan and I cannot understand under what 
conditions does strongSwan generate a DPD Notification message 
(RFC3706). The message that I expect has the following format: ISAKMP 
header with the initiator and responder cookie fields, next payload flag 
set to 11 for Notification, exchange type flag set to 5 for Info, the 
ISAKMP notify payload should have message type 36136 or 16137, which are 
the corresponding R-U-THERE or R-U-THERE-ACK messages.

I tried using the dpdelay/dpdtimeout connection parameters in 
ipsec.conf, but the R-U-THERE(-ACK)  messages sent by strongSwan have a 
different format. Namely, they have the ISAKMP header followed by 
encrypted payload.

Could anyone give me some hints?

Thanks in advance.

Best regards,

More information about the Users mailing list