[strongSwan] DPD operation different when using multiple interfaces
Modster, Anthony
Anthony.Modster at Teledyne.com
Fri Mar 24 17:52:33 CET 2017
Hello
* Why doesn't each connection stop after the DPD retry limit is reached (transmission retries start over from 5 to 1)?
* Why doesn't each connection entry clear after the DPD retry limit is reached (swanctl --list-sas shows all connections)?
* Why, on reconnect, does each connection create a new entry (and then leave zombie entries of the prior connection)?
Procedure
* Configuration: DPD delay = 2s, DPD action = clear
* Note: using VICI
* Using 4 radio interfaces
* Allow all radios to create VPN tunnels
* Bring down all radio interfaces
* Allow DPD to finish 5 retries
* We then notice all VPN connections would start over and retry
* Then after that bring up the radio interfaces
* All radios would reconnect; swanctl --list-sas shows the new connections and the old zombie connections
The above does not happen when we use 1 radio connection (DPD stops after 5 retries and the entry clears)
Let me know if more information is needed.
Thanks