[strongSwan] IKEV2: Query on DPD delay timer of Initiator

Babu, Anoop (Nokia - IN/Bangalore) anoop.babu at nokia.com
Sat Apr 1 09:12:48 CEST 2017


###############                              ###############
#   Gateway   #                              #   Gateway   #
#    MOON     #                              #     SUN     #
#  Initiator  #                              #  Responder  #
###############   IKEv1 tunnel established   ###############
192.168.0.1 ==================================== 192.168.0.2

Drop rule added in iptables INPUT chain of SUN to block tunnel packets:
 > iptables --insert INPUT -s 192.168.0.1 -d 192.168.0.2 -m comment --comment "block packets from MOON to SUN" -j DROP
 
1. After adding the drop rule, no packets are received by strongSwan in SUN.
2. No ESP packets flowing from SUN to MOON.
3. MOON starts DPD delay timer.
4. Now there are some informational ISAKMP messages flowing from SUN to MOON. Will this affect the DPD delay timer in MOON? What is the effect in IKEv2?

