On Thu, 16 Feb 2017 12:31:15 -0500 (EST) Paul Wouters <[email protected]> wrote:
> The question is, can we make that change now without breaking
> backwards compatibility. We might have people who defined dpdtimeout=
> and dpddelay= and using the default action, who would no longer see
> any DPD happening.

Libreswan dpd has always worked that way. dpddelay= and dpdtimeout= settings enable dpd, and dpdaction=hold is the default, which doesn't require being specially set.

We have been discussing removing the whole dpdaction= because we know what users want to happen when dpd is enabled:

if auto=start you want dpd to restart the tunnel
if auto=route|ondemand you want dpd to hold the tunnel
if auto=add you want dpd to clear the tunnel

If you have other requirements than this, I'd like to hear about that. With explanation.

So removing the whole dpdaction= would be the correct thing to do, but still, if we now set defaults for dpdtimeout and dpddelay, we enable dpd for all vpn tunnels, which might not be a wanted effect. That would also happen if we add a dpd/liveness=on|off switch.

So any real fix requires breaking some configuration, either by enabling liveness checks or disabling them. The only choice which doesn't break anything is not to set default values and to require dpdtimeout and dpddelay to be set to enable dpd/liveness checks to happen.

-- 
Tuomo Soini <[email protected]>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
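The auto= to DPD action mapping from the message above, turned into a small configuration audit. This is an added example, not part of the original mail and not libreswan code. It assumes DPD is active only when both dpddelay= and dpdtimeout= are present (as the mail states), uses a minimal parser that ignores also= and include, and the function names and sample conns are constructed for illustration.

```python
# Added example: flag conns whose DPD behaviour would change if dpdaction=
# were dropped and the action derived from auto= as proposed in the mail.
IMPLIED_ACTION = {"start": "restart", "route": "hold", "ondemand": "hold", "add": "clear"}

# Constructed sample configuration (not taken from any real deployment).
SAMPLE = """
conn %default
    dpddelay=30
conn office
    auto=start
    dpdtimeout=120
conn roadwarrior
    auto=add
    dpdtimeout=120
    dpdaction=clear
conn legacy
    auto=route
"""

def parse_conns(text):
    """Minimal parser: 'conn NAME' headers followed by indented key=value lines."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # section header; only conn sections are kept
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def audit(text):
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})
    report = {}
    for name, opts in conns.items():
        eff = {**defaults, **opts}  # conn values override %default
        enabled = "dpddelay" in eff and "dpdtimeout" in eff  # assumption: both needed
        current = eff.get("dpdaction", "hold") if enabled else None  # hold is the default
        implied = IMPLIED_ACTION.get(eff.get("auto")) if enabled else None
        report[name] = {"dpd": enabled, "current": current, "implied": implied,
                        "changes": enabled and implied is not None and current != implied}
    return report

if __name__ == "__main__":
    for name, row in audit(SAMPLE).items():
        print(name, row)
```

A conn reported with `changes` set to true is one where the default hold action or an explicit dpdaction= differs from what auto= would imply, so it is the kind of configuration the backwards-compatibility question is about.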
