[strongSwan] fail to send DPD
Bingzheng Wu
wubingzheng at gmail.com
Tue Aug 9 15:11:20 CEST 2016
Hi all
I have 2 IPSEC servers and 2 clients.
Both clients connect to both servers, so there are 4 sessions.
Some days ago, the network of the servers' IDC broke for several minutes.
Then the 2 servers sent DPD messages to the clients.
The clients received them and replied, but the servers did not receive the
replies.
Then the 2 servers shut down the sessions.
So far so good.
However, the 2 clients still thought the sessions were good, and did not
send any DPD messages.
So there was a mismatch between the servers and clients.
Does anyone know the possible reason?
Thanks in advance
Wu
===configure of servers:===
config setup

conn listen-xxx
    right=%any
    auto=add
    leftcert=cert.pem
    rightca="CN=test-CA"
    type=transport
    keyexchange=ikev2
    esp=aes128gcm12,aes128-sha1
    ikelifetime=365d
    lifetime=1d
    dpdaction=clear

===configure of clients:===
config setup

conn %default
    leftcert=cert.pem
    rightca="CN=test-CA"
    type=transport
    keyexchange=ikev2
    esp=aes128gcm12,aes128-sha1
    ikelifetime=365d
    lifetime=1d
    auto=start
    dpdaction=restart
    closeaction=restart
    keyingtries=%forever

conn xxx1
    right=1.2.3.5
    rightid="CN=xxx1"

conn xxx2
    right=1.2.3.4
    rightid="CN=xxx2"