[strongSwan] Query on DPD delay timer of Initiator.

Babu, Anoop (Nokia - IN/Bangalore) anoop.babu at nokia.com
Fri Mar 31 15:48:18 CEST 2017


###############                                   ###############
#   Gateway   #                                   #   Gateway   #
#    MOON     #                                   #     SUN     #
#  Initiator  #                                   #  Responder  #
###############     IKEv1 tunnel established      ###############
  192.168.0.1  ==================================  192.168.0.2


Drop rule added in the iptables INPUT chain of SUN to block tunnel packets:
 > iptables --insert INPUT -s 192.168.0.1 -d 192.168.0.2 -m comment --comment "block packets from MOON to SUN" -j DROP
 
1. After adding the drop rule, no packets are received by strongSwan in SUN.
2. No ESP packets flowing from SUN to MOON. 
3. MOON starts DPD delay timer.
4. Now there are some informational ISAKMP messages flowing from SUN to MOON. Will this affect the DPD delay timer in MOON? If yes, then is it the same in IKEv2?

Why is SUN, being a responder, sending R_U_THERE messages to the initiator, MOON?

