[strongSwan] Query regarding DPD with Linux

Andreas Steffen andreas.steffen at strongswan.org
Fri Jun 10 12:10:13 CEST 2011

Hello Malik,

we are using policy_use_time, because the state_use_time gets set
only once when the first packet is processed and is never updated
after that.



On 10.06.2011 06:18, sandeep malik wrote:
> Hi Andreas,
> I was trying to go through the DPD implementation of strongswan w.r.to
> <http://w.r.to> Linux 2.6 kernel. We are using the Linux 2.6.35 kernel
> and need you help in understanding how strongswan implements DPD for Linux.
> When I did some googling I found you had a discussion with Herbert
> regarding this and he suggested to use the policy use_time for
> implementing the DPD with Linux. I have following queries:
> Does strongswan uses the policy use_time or state use_time for both
> IKEv1 and IKEv2?
> How does this help as per my understanding DPD shall use tunnel use_time
> as there might be a scenario where in single policy have multiple SA's
> and one of the SA might be active while rest inactive but the DPD won't
> be triggered for inactive SA's as the policy use_time will keep on updating.
> Regards,
> Malik

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list