[strongSwan] help: ping behaviour when tunnel is not established
Shukla, Sanjay
Sanjay.Shukla at ipc.com
Mon Apr 16 17:13:19 CEST 2012
Hello,
Any insight into the below would be helpful.
Regards,
-sanjay
From: users-bounces+sanjay.shukla=ipc.com at lists.strongswan.org [mailto:users-bounces+sanjay.shukla=ipc.com at lists.strongswan.org] On Behalf Of Shukla, Sanjay
Sent: Friday, April 13, 2012 3:58 PM
To: users at lists.strongswan.org
Subject: [strongSwan] help: ping behaviour when tunnel is not established
I request your urgent help in understanding this behavior.
When a connection is configured in /etc/ipsec.conf but the left side of the connection is not responding (say left is unreachable), I see the ping behavior as below:
[root@ffd-ipsec-189 sanjay]# ping 10.204.74.188
Basically, ping is stuck or blocked.
Now, if I do not have a connection configured in /etc/ipsec.conf, I see that ping responds like this:
[root@ffd-ipsec-189 sanjay]# ping 10.204.74.188
PING 10.204.74.188 (10.204.74.188) 56(84) bytes of data.
From 10.204.74.189 icmp_seq=2 Destination Host Unreachable
From 10.204.74.189 icmp_seq=3 Destination Host Unreachable
From 10.204.74.189 icmp_seq=5 Destination Host Unreachable
What settings can be done for a timeout to occur so that a program that is trying to reach an IP may not be blocked forever if the IPsec SA cannot be established?
My connection settings are as follows:
#Below Are The Configuration for CCM_CCM IPSec Tunnel
conn LocalIP_LocalIP_10.204.74.188
    left=10.204.74.189
    leftcert=ServLcl.pem
    leftsendcert=yes
    leftupdown=/opt/ipc/security/ipsectunnel/rightdown.sh
    right=10.204.74.188
    rightid=%any
    keyexchange=ikev2
    type=transport
    reauth=no
    dpddelay=5s
    dpdaction=restart
    keyingtries=%forever
    auto=route
regards,
-sanjay