weiping deng wrote: > Hi Both, > > I have the following questions need your answer. Please help me, thanks. > > Q1: > About the NAT-T, whether strongswan supports: “Detecting and Honouring > the NAT device changing its public address”? > In principle such a situation can be detected by observing a change in the value of the NAT Detection payload contained in DPD messages and the IPsec SA can then be updated using the MOBIKE (RFC 4555) protocol. I'm not sure whether our MOBIKE implementation supports this but Martin will know.
> Q2: > About the DPD, in IKEv2, the default value of DPD timeout (dpdtimeout) = ? > IKEv2 doesn't use IKEv1's dpdtimeout configuration parameter. It just applies the regular retransmission scheme for IKE packets (5 exponentially staggered retransmission) and if no answer is received declares the peer dead after about 2 minutes. > Look forward for your answer, thanks. > > David Regards Andreas ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
