[strongSwan] Query regarding DPD with Linux

sandeep malik malik.proprty at gmail.com
Mon Jun 13 07:27:21 CEST 2011


Thanks Andreas for answering the query. Please help me understand how DPD
will work in following scenario:

There is a system where we have one policy and under that policy there are
three different SA's (tunnels). Now out of these three tunnels say traffic
stops on two tunnels. Now when DPD queries it will get the policy_use_time
with updated value since one of the tunnel is still active.

So as per my understanding the DPD will consider the underlying tunnel idle
only when all tunnels using one policy are idle. Is it correct or is there
any other link which I am not able to understand.

Regards,
Sandeep Malik

On Fri, Jun 10, 2011 at 3:40 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:

> Hello Malik,
>
> we are using policy_use_time, because the state_use_time gets set
> only once when the first packet is processed and is never updated
> after that.
>
> Regards
>
> Andreas
>
> On 10.06.2011 06:18, sandeep malik wrote:
> > Hi Andreas,
> >
> > I was trying to go through the DPD implementation of strongswan w.r.to
> > <http://w.r.to> Linux 2.6 kernel. We are using the Linux 2.6.35 kernel
> > and need you help in understanding how strongswan implements DPD for
> Linux.
> >
> > When I did some googling I found you had a discussion with Herbert
> > regarding this and he suggested to use the policy use_time for
> > implementing the DPD with Linux. I have following queries:
> >
> > Does strongswan uses the policy use_time or state use_time for both
> > IKEv1 and IKEv2?
> >
> > How does this help as per my understanding DPD shall use tunnel use_time
> > as there might be a scenario where in single policy have multiple SA's
> > and one of the SA might be active while rest inactive but the DPD won't
> > be triggered for inactive SA's as the policy use_time will keep on
> updating.
> >
> > Regards,
> > Malik
>
>
> --
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110613/1529c3f9/attachment.html>


More information about the Users mailing list