[strongSwan] auto=route and dpd settings
Paul Nguyen
pnguyen at okta.com
Sun Jun 12 01:41:23 CEST 2016
Hi,
I’m running Strongswan 5.3.5. I have the following conn section.
conn transport-conn
type=transport
authby=pubkey
keyexchange=ikev2
aggressive=no
ike=aes128gcm128-sha256-ecp256
esp=aes128gcm128-sha256-ecp256-esn
left=%any
leftcert=/etc/strongswan/ipsec.d/certs/cert.pem
right=%any
rightsubnet=10.21.128.0/18
dpdaction=clear
dpddelay=30s
dpdtimeout=120s
mobike=no
auto=route
I’ve read through the mailing lists archives and issues, and as I understand it is if you have auto=route then dpdaction is not needed because the auto=route installs the trap policy in the kernel. I’m still unclear, if I have auto=route do I need to set dpdaction? And can I set dpddelay to 0? What is the effect of doing that?
Thanks,
Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160611/903d62f1/attachment.html>
More information about the Users
mailing list