[strongSwan] strongswan-5.1.1 keep alive setting

Noel Kuntze noel at familie-kuntze.de
Sat Aug 30 17:48:30 CEST 2014



Hello,

Did you try setting dpddelay?
I think parameters in strongswan.conf are deprecated,
if a parameter with the same function exists in ipsec.conf.

Regards,
Noel Kuntze

GPG Key id: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

On 30.08.2014 at 17:08, s s wrote:
> Hello,
>
> We have finally resolved the missing frw policy issue for the
> Linux strongSwan U5.1.1/K2.6.18-371.11.1.el5 behind the non-administered
> NAT.
>
> Now the site-site tunnel routes transparently to our satisfaction.
>
> In an effort to improve the behind-the-NAT configuration and decrease
> the generated network traffic, I have set the charon.keep_alive key
> value in /etc/strongswan.conf:
>
> # strongswan.conf - strongSwan configuration file
>
> charon {
>
>         # number of worker threads in charon
>         threads = 16
>
>         # plugins to load in charon
>         # load = aes des sha1 md5 sha2 hmac gmp random pubkey xcbc x509 stroke
>
>         plugins {
>
>                 sql {
>                         # loglevel to log into sql database
>                         loglevel = -1
>
>                         # URI to the database
>                         # database = sqlite:///path/to/file.db
>                         # database = mysql://user:password@localhost/database
>                 }
>         }
>
>         # ...
>
>         dns1 = 192.168.3.56
>         nbns1 = 192.168.3.56
>
>         # https://wiki.strongswan.org/projects/strongswan/wiki/StrongswanConf
>         # Defaults for options in this section can be configured in the libstrongswan section.
>         # NAT keep alive interval in seconds
>         keep_alive = 180s
>
> }
>
>
> Despite the new 180s value,
> "sending keep alive to xx.xx.xx.170[4500]" packets are sent at the default
> 20s interval.
>
>
> Is there an error in the key notation of the strongswan.conf or another
> issue? How is it possible to debug that the proper value is loaded by
> the strongswan?
>
> Thanks,
> Serge



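Added example, not part of the original thread and not strongSwan code: a simplified reader for the nested `section { key = value }` layout of the quoted strongswan.conf. It lists each key under its dotted path (such as charon.keep_alive) and reports lines it cannot classify, for instance the tail of a wrapped comment. The function names, the constructed sample and the s/m/h/d suffix set are assumptions; the result reflects only what the file says, not what the running daemon loaded.

```python
import re

# Constructed sample modelled on the quoted file; the tail of a wrapped
# comment ("stroke") is kept on its own line to show how it is reported.
SAMPLE = """\
charon {
        threads = 16
        # load = aes des sha1 md5 sha2 hmac gmp random pubkey xcbc x509
stroke
        plugins {
                sql {
                        loglevel = -1
                }
        }
        keep_alive = 180s
}
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}  # assumed suffix set

def read_settings(text):
    """Return ({dotted.key: value}, [(line_no, unclassified_text)])."""
    values, stray, path = {}, [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        m = re.fullmatch(r"([\w-]+)\s*\{", line)
        if m:                                    # section opens
            path.append(m.group(1))
        elif line == "}" and path:               # section closes
            path.pop()
        elif re.fullmatch(r"[\w-]+\s*=.*", line):
            key, val = (p.strip() for p in line.split("=", 1))
            values[".".join(path + [key])] = val
        else:                                    # neither section nor key = value
            stray.append((no, line))
    if path:
        stray.append((0, "unclosed section: " + ".".join(path)))
    return values, stray

def to_seconds(value):
    """Convert '180s', '3m' or a bare number to seconds; None if malformed."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value.strip())
    return int(m.group(1)) * UNITS.get(m.group(2), 1) if m else None

if __name__ == "__main__":
    settings, problems = read_settings(SAMPLE)
    print(to_seconds(settings["charon.keep_alive"]), problems)
```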
