[strongSwan] Fwd: issue when configuring dpdaction=restart in ipsec.conf
bhargav p
bhargav.1226 at gmail.com
Tue Feb 12 13:21:52 CET 2013
Keeping the discussion
---------- Forwarded message ----------
From: Tobias Brunner <tobias at strongswan.org>
Date: Tue, Feb 12, 2013 at 5:15 PM
Subject: Re: [strongSwan] issue when configuring dpdaction=restart in
ipsec.conf
To: bhargav p <bhargav.1226 at gmail.com>
Cc: Users at lists.strongswan.org
Hi Bhargav,
Please keep the discussion on the mailing list.
> I am using quite older version.
> strongSwan 4.3.6
>
> One more doubt:
> Can you tell what exactly this dpdaction=restart does. Is there any
> dependency for auto=route and dpdaction=restart.
dpdaction=restart reestablishes a CHILD_SA if the other peer seems to be
dead (DPD = Dead Peer Detection). With IKEv2 for every request
retransmits will be sent if no response is received within a certain
time (see [1] for configuration options). After a configurable number
of failed tries the other peer is considered dead and the action
configured with dpdaction is performed. If the dpddelay option is
larger than 0 empty INFORMATIONAL exchanges will be initiated at the
configured interval to verify that the other peer is still alive.
Please have a look at the documentation at [2] for details.
And no, auto=route and dpdaction=restart are not strictly related but
with auto=route dpdaction=clear might be sufficient as matching traffic
will reestablish the SA anyway.
Regards,
Tobias
[1] http://wiki.strongswan.org/projects/strongswan/wiki/Retransmission
[2] http://wiki.strongswan.org/projects/strongswan/wiki/ConnSection
--
Regards
_______________________________________________
Puvvada Bhargav
R&D Engineer | NOKIA SIEMENS NETWORKS* India* | Bangalore
Mob. + 919741040458
puvvada.bhargav at nsn.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130212/3d2fe2be/attachment.html>
More information about the Users
mailing list