[strongSwan] dpd not getting triggered

Kalyani Garigipati (kagarigi) kagarigi at cisco.com
Fri Jan 12 07:16:40 CET 2018 

Hi,

Thanks a lot for the reply. It worked. I see the dpd triggering now.

I am working on a case when dpd from strongswan sends the nat detection payloads.
I wanted to know upon which conditions strongswan would send dpd request with nat_detection_src_ip and nat_detection_dst_ip.

Is it done only in specific case like when strongswan is behind the nat ? and strongswan is in remote-access-client ?

Regards,
kalyani

From: bls s [mailto:blscl at outlook.com]
Sent: Friday, January 12, 2018 6:40 AM
To: Kalyani Garigipati (kagarigi) <kagarigi at cisco.com>; users at lists.strongswan.org
Subject: RE: [strongSwan] dpd not getting triggered


By default dpdaction=none, which disables sending dpd messages.



From: Kalyani Garigipati (kagarigi)<mailto:kagarigi at cisco.com>
Sent: Thursday, January 11, 2018 10:47 AM
To: users at lists.strongswan.org<mailto:users at lists.strongswan.org>
Subject: [strongSwan] dpd not getting triggered


Hi,

I am using strongswan version 5.6.1
I found that even though I configured dpd using dpddelay and dpdtimeout, dpd is not getting triggered from strongswan client at all even though there is no traffic passing.
Please let me know how to debug this.


config setup
         charondebug=all
        # crlcheckinterval=600
        # strictcrlpolicy=yes
        # cachecrls=yes
        # nat_traversal=yes
        # charonstart=no

conn %default
       ikelifetime=100m
       keylife=20m
       rekeymargin=8m
       keyingtries=1
       authby=psk
       keyexchange=ikev2
       ike=aes256-sha256-modp1024
       esp=3des-sha1
       mobike=yes
       dpddelay=5s
       dpdtimeout=150s

# Add connections here.

# Add connections here.
conn net-net
        left=10.127.47.104
        leftsubnet=10.127.47.104/32
        leftid=10.127.47.104
        right=10.104.108.110
        rightsubnet=10.104.108.110/32
        rightid=10.104.108.110
        auto=start

~
Regards,
kalyani
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180112/be77ef0b/attachment.html>

More information about the Users mailing list