[strongSwan] Handling DPD outside of strongswan

Peter Hsiang phsiang at nvidia.com
Wed Oct 31 19:18:06 CET 2018


Given that the normal traffic is used for DPD, and the empty DPD packets are only used when there is a lack of data traffic to inform the other end that the connection is still active, is it possible to run the DPD part of the protocol outside of strongswan and still work properly in conjunction with the normal traffic in strongswan?  The DPD part of strongswan will be disabled, and the DPD will be handled by another processor that shares the same network connection but has no knowledge of what strongswan is doing.

1) Handling DPD received: Upon receiving a DPD, the software external to strongswan will send a DPD response.  Strongswan will ignore it.  Will this work, and will it still be conforming to the protocol standards?

2) Transmitting DPD: The software external to strongswan will periodically send a DPD for strongswan regardless of whether there is active traffic from strongswan.

In either case, the sequence numbers of packets between strongswan and the external software will likely be out of sync.  Will this be ok still, and achieve the goal of keeping the connection alive?

The goal of this is to save power by putting strongswan to sleep when there is no active traffic.


