[strongSwan] DPD issues when using multiple interfaces to same Gateway

Marc Obbad marc.obbad at gmail.com
Fri Apr 21 04:51:01 CEST 2017


Hi all,

We have two general questions about strongSwan 5.5.1 and DPD when using multiple interfaces to the same Gateway.
Our system is using up to four GSM interfaces and one Ethernet interface (the Ethernet interface is directly connected to a SatCom device). We create a VPN tunnel to the same Gateway for all interfaces. One of the issues we are having is when the DPD timer expires on one interface but others are still connected to the Gateway.
Note that our application binds to the virtual address of the tunnel and not to the IP address of the interface. Also, we are using the VICI interface.

1- Do DPD rules apply to individual tunnels? If one tunnel cannot communicate with the Gateway but others can, what happens if the DPD timer expires in only one of them?

2- When we set the DPD action as restart, do we need to terminate the current IKE after the DPD timer expires, or is it done automatically?

3- In our case, DPD behavior depends on whether we have only one interface or multiple interfaces connected to the same Gateway. It is working when we have only one interface.

Any input is appreciated.

Thank you.

