[strongSwan] Some IKEv2 questions
Fred
curious_freddy at gmsl.co.uk
Wed Mar 4 16:31:29 CET 2015
On 04/03/2015 10:47, Martin Willi wrote:
>> Mar 4 10:02:05 foo charon: 15[IKE] sending DPD request
>> Mar 4 10:02:05 foo charon: 15[ENC] generating INFORMATIONAL request 0 [ ]
>> Mar 4 10:04:50 foo charon: 02[IKE] giving up after 5 retransmits
>
> Your client does not answer to liveness checks. Most likely the packets
> get lost, or the client does not answer.
Just in case this helps other people:
I came across the following:
https://msdn.microsoft.com/en-us/library/cc233476.aspx
Of not is Section 3.12.1: Dead Peer Detection is implemented only for
server-to-server site-to-site-tunnel mode IPsec tunnels on Windows
Server 2012 and Windows Server 2012 R2. Dead Peer Detection is not
implemented on Windows 8 or Windows 8.1 for IKEv2-based VPN (that is,
VPN Reconnect).
Looks like I probably want to use dpdaction = none with these OSes using
the native IPSEC client.
More information about the Users
mailing list