Hello,

Any insight to the below would be helpful.

Regards,
-sanjay

From: [email protected] [mailto:[email protected]] On Behalf Of Shukla, Sanjay
Sent: Friday, April 13, 2012 3:58 PM
To: [email protected]
Subject: [strongSwan] help: ping behaviour when tunnel is not established

I request your urgent help in understanding this behavior.

When a connection is configured in /etc/ipsec.conf but the left side of the 
connection is not responding (say left is unreachable) I see the ping behavior 
as below

root@ffd-ipsec-189 sanjay]# ping 10.204.74.188

Basically, ping is stuck or blocked.


Now if I do not have a connection configured in the /etc/ipsec.conf I see that 
the ping responds like this

root@ffd-ipsec-189 sanjay]# ping 10.204.74.188
PING 10.204.74.188 (10.204.74.188) 56(84) bytes of data.
From 10.204.74.189 icmp_seq=2 Destination Host Unreachable
From 10.204.74.189 icmp_seq=3 Destination Host Unreachable
From 10.204.74.189 icmp_seq=5 Destination Host Unreachable

What settings can be done for a timeout to occur so that a program that is 
trying to reach an IP may not be blocked forever if the IPsec SA cannot be 
established?


My connection settings are as follows:

#Below Are The Configuration for CCM_CCM IPSec Tunnel
conn LocalIP_LocalIP_10.204.74.188
        left=10.204.74.189
        leftcert=ServLcl.pem
        leftsendcert=yes
        leftupdown=/opt/ipc/security/ipsectunnel/rightdown.sh
        right=10.204.74.188
        rightid=%any
        keyexchange=ikev2
        type=transport
        reauth=no
        dpddelay=5s
        dpdaction=restart
        keyingtries=%forever
        auto=route

regards,
-sanjay




_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
