[strongSwan] Some IKEv2 questions

Martin Willi martin at strongswan.org
Wed Mar 4 17:16:54 CET 2015


> Of not is Section 3.12.1: Dead Peer Detection is implemented only for 
> server-to-server site-to-site-tunnel mode IPsec tunnels on Windows 
> Server 2012 and Windows Server 2012 R2. Dead Peer Detection is not 
> implemented on Windows 8 or Windows 8.1 for IKEv2-based VPN (that is, 
> VPN Reconnect).

Not sure what exactly Microsoft means with that, but I can't confirm it.

At least with the Windows 7 agile VPN client (as configured through
RAS), IKEv2 liveness checks work just fine. In IKEv2, it is actually not
called Dead Peer Detection, but liveness checks. And these are not
optional to implement as exchange responder, but part of the core
standard.

Most likely Microsoft refers with that to IKEv1 DPD defined in RFC 3706,
but implementing that for IKEv2 obviously makes no sense.

Regards
Martin





More information about the Users mailing list