[strongSwan] Query regarding dpdaction

[Andreas Steffen]

In remote access scenarios it makes sense to set

  dpdaction=clear

on the VPN gateway and

  dpdaction=restart

on the remote access VPN client, so that the connection
gets re-established if the client is still on-line
but gets cleared if the client just shuts down without
sending a delete notification.

Regards

Andreas

On 02.02.2012 08:39, Meera Sudhakar wrote:
> Hi,
> 
> Please consider the example given in
> http://www.strongswan.org/uml/testresults/ikev2/dpd-clear/index.html.
> 
> 1) Here, the config on moon has "dpdaction=clear" while carol does not.
> Because of this, once the connection is lost, moon clears the connection
> but carol does not. On carol, the command "ipsec status" would then give
> the feeling that it is connected to moon. So is it better to give
> "dpdaction=clear" on both moon and carol?
> 
> 2) Also, if I include "dpdaction=clear" on both my end-points, after all
> the retries, the command "ipsec status" shows the following on both sides:
> 
> Security Associations:
>   none
> 
> It doesn't really kill the process, does it? So we will have to manually
> kill the process in order to start it again? At least these are the
> behaviors I see on my machines. Please let me know if this is as expected.
>  
> Thanks and regards,
> Meera

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4489 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120202/bbd1ae82/attachment.bin>