On Thu, Jun 11, 2020 at 02:36:53PM +, Leclerc, Sebastien wrote:
> It seems I got it wrong before. Even when there was ESP traffic, iked is going
> to start DPD when there hasn't been any incoming IKE message in the last
> 5 minutes.
>
> My advice would be to just disable DPD in iked for this specific case.
> To do this you will have to patch it and build it
On Tue, Jun 09, 2020 at 08:13:53PM +, Leclerc, Sebastien wrote:
> > > Before 6.7 iked didn't start DPD in this particular case.
> > > It kicks in if the tunnel is up and there haven't been any incoming ESP
> > > packets
> > > in the last 5 minutes.
> > > A possible workaround would be to ping through the tunnel to have at
> > > least one
> > > incoming
On Tue, Jun 09, 2020 at 06:29:05PM +, Leclerc, Sebastien wrote:
> Before 6.7 iked didn't start DPD in this particular case.
> It kicks in if the tunnel is up and there haven't been any incoming ESP
> packets
> in the last 5 minutes.
> A possible workaround would be to ping through the tunnel to have at least one
> incoming packet every 5 minutes.
There is
On Tue, Jun 09, 2020 at 01:11:38PM +, Leclerc, Sebastien wrote:
> > > Jun 8 12:23:24 hv-fw-inf-02 iked[50153]: spi=0xa84faba012c73dce:
> > > retransmit 1 INFORMATIONAL req 2
> > peer 192.0.2.199:500 local 192.0.2.2:500
> > > Jun 8 12:23:28 hv-fw-inf-02 iked[50153]: spi=0xa84faba012c73dce:
> > > retransmit 2 INFORMATIONAL req 2
> > peer 192.0.2.199:500
On Mon, Jun 08, 2020 at 05:28:48PM +, Leclerc, Sebastien wrote:
After an upgrade to 6.7 on amd64 this weekend, iked keeps reconnecting every 8
minutes, but only for one tunnel, to a Watchguard firewall. The tunnel has been
functioning properly for 5 years. Other tunnels to OpenBSD devices do not
reconnect every 8 minutes. I confirmed there are no dropped