[strongSwan] Tunnels are fluctuating in case of ppp connection

Noel Kuntze noel at familie-kuntze.de
Wed Jul 22 12:29:50 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Nitin,

You're using IKEv2, which uses a global timeout setting in strongswan.conf,
not dpdtimeout.
- From the man page for ipsec.conf:
       dpdtimeout = 150s | <time>
              defines the timeout interval, after which all connections to a peer are deleted in case of inactivity. This only applies to IKEv1,  in  IKEv2  the  default  retransmission
              timeout applies, as every exchange is used to detect dead peers.

Look at the "IKEv2 RETRANSMISSION" section of the man page for strongswan.conf.

Alternatively, use IKEv1.

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 22.07.2015 um 07:26 schrieb Nitin Agarwal:
> Hello Guys
>
> I am trying to achieve stable tunnel connectivity between two systems.
> My System 1 is a modem having ppp connection.And, System 2 is a server.
>
> On System 1, IP use to change and whenever IP changes, sometime system takes upto 20 minutes to form stable tunnel. Sometime is just 50 seconds also. PPP connection takes around 25 seconds to release old IP and acquire new one.
>
> I am attaching the existing configuration.
> Please suggest, if I need to modify the configurations or I am missing something.
>
>
>
>
> *Best Regards*
> *Nitin Agarwal*
>
>
>     
>
>
>
>
>
> This message (and any associated files) is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential, subject to copyright or constitutes a trade secret. If you are not the intended recipient you are hereby notified that any dissemination, copying or distribution of this message, or files associated with this message, is strictly prohibited. If you have received this message in error, please notify Symstream Technology Group immediately by replying to the message and deleting it from your computer. Messages sent to and from us may be monitored. Internet communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Therefore, we do not accept responsibility for any errors or omissions that are present in this message, or any attachment, that have arisen as a result of e-mail transmission. If
verification is required, please request a hard-copy version. Any views or opinions presented are solely those of the author and do not necessarily represent those of the company.
> -------------------------
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVr3CcAAoJEDg5KY9j7GZYMJ0P/RJRVW32kd9fkJfJhof4WB6q
bdmddVmBtM7f+ftXkde1NyDrkiMyig4Ye4/xYJMvSmqItwR+f64r+jh3JH+Z4Jbv
vkIbbfikTPt0KPKhqPAJUuEjDZFvKiVJf4dkMHbx9+kPDr3WtvJGHlJyN3OyVcli
gfIIjSt8T6PrDVin5l4REZ5mG5uATiZpcMyFakLamRExzY5iXXhz+Ai++hY3fuRG
TedEo2XyfqaXqxN5GP/EVvPMZ3VHa7eJu5R4xvZ8lrTY46Iu7/TerUXUYDpcspbx
hGmSJVi/704DgOy6XxG/TkLyapd/ojXlPk/zU7Z1DRzpBz29nb3QCykbtNmyXUwt
G+uqDOQsQeYztjr98sWVUMROLcOH4UoF3RhWkX0WdbqeTXfRpWGOoKvgtvnWVkXq
24ODFzV53XEiOp5urtbevevJfIp+8pfXE/IL6sq08w0Zcucjix/h+1DfwnBlD7MO
Y4ZEttzztCxDwr3qmUBi2ULrSqz77KK8pQgacWHE1sr8wTKA9X45akTZgL6/ojZq
QjTwcbH9W7gHI3XHCWJleo6YrUc1OgIOhmtFefZGJoFaQR8m7Y3bYv2v69y2WDbI
EOi2f2pOfytCvhf22PfhAbeHK3AWub2hRTqvrR45qIbpb91GFqU6Y/aYg9hJlhUE
2HE/OCNfW/CiQx6Ckd2+
=/9V8
-----END PGP SIGNATURE-----




More information about the Users mailing list