[strongSwan] Tunnels are fluctuating in case of ppp connection

Noel Kuntze noel at familie-kuntze.de
Wed Jul 22 12:29:50 CEST 2015

Hash: SHA256

Hello Nitin,

You're using IKEv2, which uses a global timeout setting in strongswan.conf,
not dpdtimeout.
- From the man page for ipsec.conf:
       dpdtimeout = 150s | <time>
              defines the timeout interval, after which all connections to a peer are deleted in case of inactivity. This only applies to IKEv1,  in  IKEv2  the  default  retransmission
              timeout applies, as every exchange is used to detect dead peers.

Look at the "IKEv2 RETRANSMISSION" section of the man page for strongswan.conf.

Alternatively, use IKEv1.

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 22.07.2015 um 07:26 schrieb Nitin Agarwal:
> Hello Guys
> I am trying to achieve stable tunnel connectivity between two systems.
> My System 1 is a modem having ppp connection.And, System 2 is a server.
> On System 1, IP use to change and whenever IP changes, sometime system takes upto 20 minutes to form stable tunnel. Sometime is just 50 seconds also. PPP connection takes around 25 seconds to release old IP and acquire new one.
> I am attaching the existing configuration.
> Please suggest, if I need to modify the configurations or I am missing something.
> *Best Regards*
> *Nitin Agarwal*
> This message (and any associated files) is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential, subject to copyright or constitutes a trade secret. If you are not the intended recipient you are hereby notified that any dissemination, copying or distribution of this message, or files associated with this message, is strictly prohibited. If you have received this message in error, please notify Symstream Technology Group immediately by replying to the message and deleting it from your computer. Messages sent to and from us may be monitored. Internet communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Therefore, we do not accept responsibility for any errors or omissions that are present in this message, or any attachment, that have arisen as a result of e-mail transmission. If
verification is required, please request a hard-copy version. Any views or opinions presented are solely those of the author and do not necessarily represent those of the company.
> -------------------------
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

Version: GnuPG v2


More information about the Users mailing list