[strongSwan] DPD Questions

T Cheung tccheung1 at gmail.com
Wed Aug 8 01:45:16 CEST 2012


Hi,

I am trying to use DPD but I may not have all the right pieces in place since
the results were not what I expected.  I am using version 4.6.3.

On one host I have these values in ipsec.conf file:

      dpdaction=restart
      dpddelay=500

I am aware of the default values for retransmissions and I did not set
any of those
values.

My question is when does charon start to initiate the DPD exchange?  Is it
based on the dpddelay value or something else?  My value was set at 500
as shown above, but I didn't see the first attempt to send an R-U-THERE
query until over 15 minutes after I terminated all communications between
the peers - The "ipsec status" still shown the connection as ESTABLISHED
15 minutes after no communication between the peers.  Is there something
else to decide when to send the exhange?

Thanks,
Terry




More information about the Users mailing list