[strongSwan] strongswan-5.1.1 keep alive setting
s s
y52 at europe.com
Sat Aug 30 19:05:00 CEST 2014
Noel,
dpddelay doesn't work either.
I believe that on the contrary, that certain ipsec.conf settings are deprecated and moverd to strongswan.conf
Rgds,
Serge
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello,
Did you try setting dpddelay?
I think parameters in strongswan.conf are deprecated,
if a parameter with the same function exists in ipsec.conf.
Regards,
Noel Kuntze
GPG Key id: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 30.08.2014 um 17:08 schrieb s s:
> Hello,
>
> We have finally resolved the missing frw policy issue for the
> Linux strongSwan U5.1.1/K2.6.18-371.11.1.el5 behind the non-administered
> NAT.
>
> Now the site-site tunnel routes transparently to our satisfaction.
>
> In the effort to improve the behind the NAT configuration and decrease
> the generated network traffic, I have set the charon.keep_alive key
> value in the /etc/strongswan.conf :
>
> # strongswan.conf - strongSwan configuration file
>
> charon {
>
> # number of worker threads in charon
> threads = 16
>
> # plugins to load in charon
> # load = aes des sha1 md5 sha2 hmac gmp random pubkey xcbc x509
> stroke
>
> plugins {
>
> sql {
> # loglevel to log into sql database
> loglevel = -1
>
> # URI to the database
> # database = sqlite:///path/to/file.db
> # database =
> mysql://user:password@localhost/database
> }
> }
>
> # ...
>
> dns1 = 192.168.3.56
> nbns1 = 192.168.3.56
>
> #
> https://wiki.strongswan.org/projects/strongswan/wiki/StrongswanConf
> # Defaults for options in this section can be configured in the
> libstrongswan section.
> # NAT keep alive interval in seconds
> keep_alive = 180s
>
> }
>
>
> Despite the new 180s value
> sending keep alive to xx.xx.xx.170[4500] packets are sent at a default
> 20s intervals.
>
>
> Is there an error in the key notation of the strongswan.conf or another
> issue? How is it possible to debug that the proper value is loaded by
> the strongswan?
>
> Thanks,
> Serge
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJUAfJNAAoJEDg5KY9j7GZYxbEP/06ZhtRORTChJUZ80A1V2c7h
/9IE5JRf04EtJwmejVSk6OeUpCPGnoylYyon/y+N9XQyYlF80P0c7k65EXxt7PyE
IcymNI3ZRcFm7YCXgXYWtBbNzMIcqrJtXPswC85B6wZspNZTd5Qt77Oz9sreQ7GL
wk1cdJ8GjNiY+iM1TD2up/6KGA7+/4v2dDtAgzJnE+jqBmtm3T/ikRVKnwHGh7gY
aZPszKc/i4TIbSZjgnBsOaePSv7+o+OQuJGhFscwUg+Bo3o9X7lnCg73C/sBRr5+
iLNl0Kxbbs4ZPP1EmhVDEyz7JynnEWz/SiFXBcsVuP6hf5L8j2EPbDIOP2LwV/Ks
X5FQuLbK/jHrT53LorIW20E866ki25wM9q611RCBcfeu9Ucu3fgOABUWXVO2uMu6
f4I61cBVQbe1yf1yhnUPrO+5/WUsJuJr4tD77jNbXRQoReRJA+Cu3KTMz7aOwmfN
fQ3hpgrHY+ckOinmuOEKW5T68aNlUXbPR869eq5ZYFJvRPIUQ+HEWWX2RTsqqXMz
7pVKuP6LlULuvQ3XO2Chgq9uoof9SmhvshRXjcmf3aXCJa44H8fl0dspaXC86OAN
WsRoEJYklkEKGDztOkKR21usj1NEq+B0WsMfWzQknlyePmN7MLVXemKsVpy5Q5by
iv45zTRdVtFUv0G3ZguA
=Ly0Y
-----END PGP SIGNATURE-----
Previous message: [strongSwan] strongswan-5.1.1 keep alive setting
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users mailing list
More information about the Users
mailing list