[strongSwan] strongswan-5.1.1 keep alive setting
s s
y52 at europe.com
Tue Sep 2 23:39:29 CEST 2014
Hello,
We have finally resolved the missing frw policy issue for the
Linux strongSwan U5.1.1/K2.6.18-371.11.1.el5 behind the non-administered
NAT.
Now the site-site tunnel routes transparently to our satisfaction.
In the effort to improve the behind the NAT configuration and decrease
the generated network traffic, I have set the charon.keep_alive key
value in the /etc/strongswan.conf :
# strongswan.conf - strongSwan configuration file
charon {
# number of worker threads in charon
threads = 16
# plugins to load in charon
# load = aes des sha1 md5 sha2 hmac gmp random pubkey xcbc x509
stroke
plugins {
sql {
# loglevel to log into sql database
loglevel = -1
# URI to the database
# database = sqlite:///path/to/file.db
# database =
mysql://user:password@localhost/database
}
}
# ...
dns1 = 192.168.3.56
nbns1 = 192.168.3.56
#
https://wiki.strongswan.org/projects/strongswan/wiki/StrongswanConf
# Defaults for options in this section can be configured in the
libstrongswan section.
# NAT keep alive interval in seconds
keep_alive = 180s
}
Despite the new 180s value
sending keep alive to xx.xx.xx.170[4500] packets are sent at a default
20s intervals.
Is there an error in the key notation of the strongswan.conf or another
issue? How is it possible to debug that the proper value is loaded by
the strongswan?
Thanks,
Serge
More information about the Users
mailing list