[strongSwan] DPD issues when using multiple interfaces to same Gateway
Modster, Anthony
Anthony.Modster at Teledyne.com
Fri Apr 21 18:26:37 CEST 2017
Hello Tobias
Also, we are using VICI
-----Original Message-----
From: Modster, Anthony
Sent: Friday, April 21, 2017 9:24 AM
To: 'Tobias Brunner' <tobias at strongswan.org>; Marc Obbad <marc.obbad at gmail.com>; Users at lists.strongswan.org
Subject: RE: [strongSwan] DPD issues when using multiple interfaces to same Gateway
Hello Tobias
See below
-----Original Message-----
From: Users [mailto:users-bounces at lists.strongswan.org] On Behalf Of Tobias Brunner
Sent: Friday, April 21, 2017 12:24 AM
To: Marc Obbad <marc.obbad at gmail.com>; Users at lists.strongswan.org
Subject: Re: [strongSwan] DPD issues when using multiple interfaces to same Gateway
Hi Marc,
> 1- Are DPD rules apply to individual tunnels? If one tunnel cannot
> communicate with the Gateway but other are, what happen if DPD timer
> expires in only one of them?
Yes, they apply to each IKE_SA individually.
A.M. DpdAction=clear, and multiple interfaces, after one DPD timer expires, it may not clear.
If DpdAction=clear, and single interface, after DPD timer expires, it does clear.
> 2- When we set DPD action as restart, do we need to terminate the
> current IKE after DPD timer expires or it is done automatically?
The SA will be automatically restarted.
A.M. after the restart and the interface comes back up, the tunnel indicates ESTABLISHED, but is not useable.
> 3- In our case DPD behavior depends if we have only one interface or
> we have multiple interface connected to same Gateway. It is working
> when we have only one interface.
Not sure what you mean.
Regards,
Tobias
_______________________________________________
Users mailing list
Users at lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
More information about the Users
mailing list