Hello,
I've got a question about dpd.
Right now I see the following scenario with libreswan:
- If a remote connection goes away
- The server starts trying to connect (with increasing interval)
- The max interval is reached
- And then instead of deleting the connection (to which there never was a response) - the connection cycle starts over

"mytunnel" #24: STATE_MAIN_I1: retransmission; will wait 32 seconds for response
pending IPsec SA negotiation with 89.0.0.1 "mytunnel" took too long -- replacing phase 1
"mytunnel" #21: STATE_MAIN_I1: 60 second timeout exceeded after 7 retransmits. No response (or no acceptable response) to our first IKEv1 message
"mytunnel" #21: starting keying attempt 2 of an unlimited number
"mytunnel" #22: initiating Main Mode to replace #21
"mytunnel" #21: deleting state (STATE_MAIN_I1) and NOT sending notification
"mytunnel" #22: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
"mytunnel" #22: STATE_MAIN_I1: retransmission; will wait 1 seconds for response

My .conf file includes these:
dpddelay=30
dpdtimeout=120
dpdaction=clear
Why do connection attempts start over again (and the connection not cleared)?
--
Kostya Vasilyev