Hi Kristian,

> Is it possible to somehow write a plugin or modify the code so it is
> possible to make the behavior for DPD independent of the settings that
> are used in other situations?

Retransmission timeouts are currently global options. Making these settings per-connection is not that trivial: We'd have to introduce new ipsec.conf keywords, pass them via starter and stroke and finally store them on the peer_cfg [1]. Then we could read these values in the task manager [2]. No rocket science, but needs some work.

While implementing IKEv1 DPD, we have added a connection-specific DPD timeout option to the peer_cfg. It is currently used for IKEv1 only, and overrides the cumulative timeout to detect a dead peer. It does not affect retransmission, but only the timeout.

Maybe we should use a similar behavior for IKEv2. This would be at least somewhat more congruent, and brings a connection-specific DPD timeout.

Regards
Martin

[1] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/config/peer_cfg.h;h=57215350566fded3f5c0c33c5d6e145639ff706c;hb=HEAD#l97
[2] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/sa/ikev2/task_manager_v2.c;h=81367d21c8156b33c53124756644e503dde21d02;hb=HEAD#l1497
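
An added example, not part of the message above and not strongSwan code: it computes the cumulative retransmission timeout that the global settings produce, which is the time IKEv2 needs to declare a peer dead. It assumes the formula and default values documented for `charon.retransmit_timeout`, `retransmit_base` and `retransmit_tries` in strongswan.conf, ignores jitter and any upper limit, and the function names are hypothetical.

```python
"""Cumulative IKEv2 retransmission timeout from charon's global settings.

Assumption: the wait after transmission n (n = 0 is the initial send) is
retransmit_timeout * retransmit_base ** n, with no jitter and no limit.
Defaults used here (4.0 s, 1.8, 5 tries) are the documented ones.
"""


def retransmit_schedule(timeout=4.0, base=1.8, tries=5):
    """Seconds waited after the initial send and after each retransmission."""
    return [timeout * base ** n for n in range(tries + 1)]


def dead_peer_detection_time(timeout=4.0, base=1.8, tries=5):
    """Total seconds until the exchange is abandoned and the peer is dead."""
    return sum(retransmit_schedule(timeout, base, tries))


def max_tries_within(budget, timeout=4.0, base=1.8):
    """Largest retransmit_tries whose cumulative timeout fits in `budget`.

    Returns None if even a single transmission without retries exceeds it.
    Because the setting is global, the result applies to every connection.
    """
    if timeout <= 0 or base < 1:
        raise ValueError("timeout must be > 0 and base >= 1")
    best, tries = None, 0
    while dead_peer_detection_time(timeout, base, tries) <= budget:
        best = tries
        tries += 1
    return best


if __name__ == "__main__":
    waits = retransmit_schedule()
    print("per-attempt waits:", [round(w, 1) for w in waits])
    print("peer declared dead after %.0f s" % dead_peer_detection_time())
    # Constructed target: detect a dead peer within 30 seconds.
    print("retransmit_tries for a 30 s budget:", max_tries_within(30))
```
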
