[strongSwan] dpd and INFORMATIONAL requests
Tiago Vasconcelos
tiago.o.vasconcelos at gmail.com
Wed Apr 23 18:24:42 CEST 2014
Hi Noel
That's exactly what I get when, on the other end of the tunnel, is a
strongSwan 4.x:
15[IKE] sending DPD request
15[ENC] generating INFORMATIONAL request 7 [ ]
15[NET] sending packet: from foo[4500] to bar[3474] (76 bytes)
04[NET] received packet: from bar[3474] to foo[4500] (76 bytes)
04[ENC] parsed INFORMATIONAL response 7 [ ]
This happens even when 'foo' is running strongSwan 5.1.1
But when both 'foo' and 'bar' are running strongSwan 5.1.1, I see no DPD
or INFORMATIONAL requests in the logs at all... Any idea why?
Regards,
Tiago
On 23/04/14 16:39, Noel Kuntze wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello Tiago,
>
> Something along the following should appear in the log:
>
> 13[IKE] sending DPD request
> 13[NET] sending packet: from foo[4500] to bar[4500] (92 bytes)
> 12[NET] received packet: from bar[4500] to foo[4500] (92 bytes)
>
> net and ike are both set to log level 1.
>
> Regards,
> Noel kuntze
>
> GPG Key id: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> Am 23.04.2014 17:12, schrieb Tiago Vasconcelos:
>> I've enabled dpd by adding the following lines to the conn %default section of ipsec.conf:
>>
>> dpdaction=restart
>> dpddelay=10
>>
>>
>> Judging from the output of 'ipsec statusall' I presume dpd is set:
>>
>> ut01: child: 10.12.0.0/15 === 10.14.0.0/15 TUNNEL, dpdaction=restart
>>
>>
>> But in the logs, I don't see any INFORMATIONAL requests being generated or received from the other strongSwan hosts running 5.1.1:
>>
>> charon: [info] 15[ENC] generating INFORMATIONAL request 7 [ ]
>> ...
>> charon: [info] 04[ENC] parsed INFORMATIONAL response 7 [ ]
>>
>> I only see INFORMATIONAL messages to/from hosts running 4.5 and 4.6.
>> How can I check whether dpd is actually working?
>> I'm using IKEv2, by the way.
>>
>>
>> --
>> Tiago
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBAgAGBQJTV97MAAoJEDg5KY9j7GZYztMP/1CrUAJfEdLX1/fzO2Z2mDB6
> jKJfq1bc8fev8BAlc6d3I4DwfSwboVZcPJ1In5tnJPvzbhIgDb1GkhFq0LGUSj5+
> Ko5griLOIrT6I5TZmTQHLeDNtzBNqk99Kz2ODGNlmei/d1uK1SiwKw6st5DVONu1
> +zFFnq//wf4nvPX6b/BXtHP5wvitfLwBr3EuxLMeK2ZxwHox8D2ZfE+D4HOJEQ54
> Wdqk92QFyO40AQ2NGNiwOZ/rM+U04WD2Jy2iNGhU5+0xQb048hMAJZI23mzJ/yqc
> lxAZ4CcTKUBzQHq6uNdppfAx5sk8OVwnE+YBwOoXODDQPhcvla1KicddxJ9Gt4Q1
> V44k6K+IGhE1XFK55B7Rz+HWGotr736XKrIythmTPRKTF9O0GijxwiXTnN2kak3o
> uhKTc60ao2YHgUEbQJgmih9grumTK/n7UfM5YW0syiWGzBLegtNGWuMLUQUbmEc/
> stGjQOeaHABUh3u2XFKLYVloWRXi16P2mM6WoZcFk87Av1dlNOh39W+s6NqUpP4/
> iGbXloGmaDHL7ABfO72KYQEDL/YyXm3J3ax2MUpivm4hRTqepg2YlfftIakW7eXy
> H9whnW+4neOHDELym788pXVa+5QIQ73XSNyjEGLn5XrCx5fTCzZ5gPy+EWu24cYQ
> ceV6cyBot6SKkDeVmwuj
> =ds6H
> -----END PGP SIGNATURE-----
>
More information about the Users
mailing list