Am Dienstag, den 07.04.2015, 16:28 +0200 schrieb jean-yves boisiaud:
> I'm using IPSec with OpenBSD.
[..]
> As the remote IT engineers wanted me to enable DPD, I changed the ipsec
> configuration from active to dynamic, but nothing changes.
I remember, I once had some issues once with DPD too. IIRC "dynamic" was
not what I wanted for some reason. A quick glance at the manpage
suggests me that it might be, that "dynamic" will also us "hostname" as
ID pararameter, whilst IKE allows only IP addresses according to the
standard (RFC 2409, 5.4).
What I finally did was simply to enable DPD by default in isakmpd.conf
(you want to have it always on anyways).
Cheers
David
--
David Dahlberg
Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845
Fraunhoferstr. 20, 53343 Wachtberg, Germany | Fax: +49-228-856277
