[strongSwan] Recommendations for dpdaction= and auto=
Tom Rymes
trymes at rymes.com
Thu Jul 30 18:18:11 CEST 2015
We have a number of sites connected via StrongSwan IKEv2 tunnels, and I
was hoping that someone might provide me with the recommended settings
for dpdaction and auto, given our setup. I think have a reasonable
handle on this, but I wanted to ask in case I was doing anything that
might result in reduced reliability or fault tolerance.
1.) Two main offices with static IPs, Phone, file, print, and database
servers.
2.) Multiple branch office, most with static IPs, a few with Dynamic
IPs, client PCs and SIP phones. Each branch has two tunnels, one to each
main office.
I am fairly certain that I was previously told to set dpdaction=restart
in the main offices and dpdaction=clear in the branches, but I am not
certain what I should be doing with the auto= directive.
The main goal is reliability of the tunnels and a reduced need to
restart tunnels manually when one side or the other loses connectivity.
Many thanks,
Tom
More information about the Users
mailing list