[strongSwan] DPD question

Makarand Pradhan MakarandPradhan at is5com.com
Tue Aug 4 19:27:34 CEST 2020


Thanks for your response.

I have verified that retransmit_tries = 1 works for DPD.

root at t1024rdb:/usr/local/etc/strongswan.d# swanctl --log
14[IKE] sending DPD request
14[ENC] generating INFORMATIONAL request 2 [ ]
14[NET] sending packet: from 172.16.31.1[500] to 172.16.21.2[500] (76 bytes)
07[IKE] retransmit 1 of request with message ID 2
07[NET] sending packet: from 172.16.31.1[500] to 172.16.21.2[500] (76 bytes)
13[IKE] sending DPD request
13[ENC] generating INFORMATIONAL request 2 [ ]
13[NET] sending packet: from 172.16.31.100[500] to 172.16.21.100[500] (76 bytes)
08[IKE] giving up after 1 retransmits
11[IKE] retransmit 1 of request with message ID 2
11[NET] sending packet: from 172.16.31.100[500] to 172.16.21.100[500] (76 bytes)
06[IKE] giving up after 1 retransmits

Kind rgds,
Makarand Pradhan
Senior Software Engineer.
iS5 Communications Inc.
5895 Ambler Dr,
Mississauga, Ontario
L4W 5B7
Main Line: +1-844-520-0588 Ext. 129
Direct Line: +1-289-724-2296
Cell: +1-226-501-5666
Fax:+1-289-401-5206
Email: makarandpradhan at is5com.com
Website: www.iS5Com.com


-----Original Message-----
From: Thomas Egerer <hakke_007 at gmx.de> 
Sent: August 4, 2020 12:10 PM
To: Makarand Pradhan <MakarandPradhan at is5com.com>; users at lists.strongswan.org
Subject: Re: [strongSwan] DPD question

Hi Makarand,

the retransmit_tries option is exactly what you're looking for. It defaults to five (see [1]). Essentially charon's task manager tries to retransmit each packet at most five times (if not configured otherwise) regardless of the message type. There's no extra option for R-U-There messages or DPD requests.

Thomas

[1] https://wiki.strongswan.org/projects/strongswan/wiki/Strongswanconf

On 8/4/20 5:33 PM, Makarand Pradhan wrote:
> Good morning All,
>
> Is there a way to configure the number of DPD retries before giving up? We would like to configure 5 R-U-There failures before taking the connection down. The retransmit_tries in charon.conf controls the IKE retransmits. Don't think it's affecting DPD behaviour.
>
> Thanks for looking at my query.
>
> Kind rgds,
> Makarand Pradhan
>
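
Because DPD requests share the normal IKE retransmission logic, lowering retransmit_tries also changes how long an unanswered DPD request is retried before "giving up". The following is an added example, not code from the thread or from strongSwan; it assumes the exponential back-off described in strongSwan's retransmission documentation (wait before retransmit n = retransmit_timeout * retransmit_base^(n-1)) with the documented defaults retransmit_timeout = 4.0 and retransmit_base = 1.8, and the function name is hypothetical.

```python
"""Added example: time until charon gives up on an unanswered IKE request."""


def retransmit_schedule(tries=5, timeout=4.0, base=1.8):
    """Return (events, give_up_at) for one unanswered request.

    events is a list of (retransmit_number, seconds_since_first_send).
    Assumed model: the wait before retransmit n is timeout * base**(n-1);
    after the last retransmit one more interval passes before giving up.
    Jitter and any upper limit on the interval are not modelled.
    """
    if tries < 0 or timeout <= 0 or base <= 0:
        raise ValueError("tries must be >= 0, timeout and base must be > 0")
    elapsed = 0.0
    events = []
    for n in range(1, tries + 1):
        elapsed += timeout * base ** (n - 1)
        events.append((n, elapsed))
    # Final wait after the last retransmit, then "giving up after N retransmits".
    give_up_at = elapsed + timeout * base ** tries
    return events, give_up_at


def describe(tries, timeout=4.0, base=1.8):
    """Render the schedule in the wording charon uses in its log."""
    events, give_up_at = retransmit_schedule(tries, timeout, base)
    lines = [f"t={t:6.1f}s  retransmit {n} of request" for n, t in events]
    lines.append(f"t={give_up_at:6.1f}s  giving up after {tries} retransmits")
    return "\n".join(lines)


if __name__ == "__main__":
    # The value tested in the thread next to the default of five.
    for tries in (1, 5):
        print(f"retransmit_tries = {tries}")
        print(describe(tries))
        print()
```

The result is the delay after the DPD request is first sent; the DPD interval configured on the connection determines when that request goes out in the first place.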


