[strongSwan] dpd not getting triggered
Andreas Steffen
andreas.steffen at strongswan.org
Fri Jan 12 10:15:35 CET 2018
Hi Kalyani,
strongSwan uses NAT detection payloads in INFORMATIONAL messages with
RFC 4555 MOBIKE which is enabled by default. See
https://tools.ietf.org/html/rfc4555#section-3.8
Regards
Andreas
On 12.01.2018 07:16, Kalyani Garigipati (kagarigi) wrote:
> Hi,
>
>
>
> Thanks a lot for the reply. It worked. I see the dpd triggering now.
>
>
>
> I am working on a case when dpd from strongswan sends the nat detection
> payloads.
>
> I wanted to know upon which conditions strongswan would send dpd request
> with nat_detection_src_ip and nat_detection_dst_ip.
>
>
>
> Is it done only in specific case like when strongswan is behind the nat
> ? and strongswan is in remote-access-client ?
>
>
>
> Regards,
>
> kalyani
>
>
>
> *From:*bls s [mailto:blscl at outlook.com]
> *Sent:* Friday, January 12, 2018 6:40 AM
> *To:* Kalyani Garigipati (kagarigi) <kagarigi at cisco.com>;
> users at lists.strongswan.org
> *Subject:* RE: [strongSwan] dpd not getting triggered
>
>
>
> By default dpdaction=none, which disables sending dpd messages.
>
>
>
> *From: *Kalyani Garigipati (kagarigi) <mailto:kagarigi at cisco.com>
> *Sent: *Thursday, January 11, 2018 10:47 AM
> *To: *users at lists.strongswan.org <mailto:users at lists.strongswan.org>
> *Subject: *[strongSwan] dpd not getting triggered
>
>
>
> Hi,
>
> I am using strongswan version 5.6.1
> I found that even though I configured dpd using dpddelay and dpdtimeout,
> dpd is not getting triggered from strongswan client at all even though
> there is no traffic passing.
> Please let me know how to debug this.
>
>
> config setup
> charondebug=all
> # crlcheckinterval=600
> # strictcrlpolicy=yes
> # cachecrls=yes
> # nat_traversal=yes
> # charonstart=no
>
> conn %default
> ikelifetime=100m
> keylife=20m
> rekeymargin=8m
> keyingtries=1
> authby=psk
> keyexchange=ikev2
> ike=aes256-sha256-modp1024
> esp=3des-sha1
> mobike=yes
> dpddelay=5s
> dpdtimeout=150s
>
> # Add connections here.
>
> # Add connections here.
> conn net-net
> left=10.127.47.104
> leftsubnet=10.127.47.104/32
> leftid=10.127.47.104
> right=10.104.108.110
> rightsubnet=10.104.108.110/32
> rightid=10.104.108.110
> auto=start
>
> ~
> Regards,
> kalyani
>
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[INS-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2945 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180112/48a24b85/attachment.bin>
More information about the Users
mailing list