[strongSwan] strongswan-5.1.1 keep alive setting

s s y52 at europe.com
Tue Sep 2 23:39:29 CEST 2014


Hello,

We have finally resolved the missing frw policy issue for the
Linux strongSwan U5.1.1/K2.6.18-371.11.1.el5 behind the non-administered 
NAT.

Now the site-site tunnel routes transparently to our satisfaction.

In an effort to improve the behind-the-NAT configuration and decrease 
the generated network traffic, I have set the charon.keep_alive key 
value in /etc/strongswan.conf:

# strongswan.conf - strongSwan configuration file

charon {

        # number of worker threads in charon
        threads = 16

        # plugins to load in charon
        # load = aes des sha1 md5 sha2 hmac gmp random pubkey xcbc x509 stroke

        plugins {

                sql {
                        # loglevel to log into sql database
                        loglevel = -1

                        # URI to the database
                        # database = sqlite:///path/to/file.db
                        # database = mysql://user:password@localhost/database
                }
        }

        # ...

        dns1 = 192.168.3.56
        nbns1 = 192.168.3.56

        # https://wiki.strongswan.org/projects/strongswan/wiki/StrongswanConf
        # Defaults for options in this section can be configured in the libstrongswan section.
        # NAT keep alive interval in seconds
        keep_alive = 180s

}


Despite the new 180s value, the
"sending keep alive to xx.xx.xx.170[4500]" packets are sent at the default 
20s intervals.


Is there an error in the key notation of the strongswan.conf or another 
issue? How is it possible to debug that the proper value is loaded by 
the strongswan?

Thanks,
Serge



