Hi,

Thanks for the reply.

Is it possible to get callbacks when strongSwan identifies that no traffic happens (the first step in the DPD), and then when traffic happens again? In this way we can implement our own custom DPD!

Best Regards,
Kristian

-----Original Message-----
From: Martin Willi [mailto:[email protected]]
Sent: 6. juli 2012 16:56
To: Lippert Kristian
Cc: [email protected]
Subject: Re: [strongSwan] Alternative ways of controlling DPD

Hi Kristian,

> Is it possible to somehow write a plugin or modify the code so it is
> possible to make the behavior for DPD independent of the settings that
> are used in other situations?

Retransmission timeouts are currently global options. Making these settings per-connection is not that trivial: We'd have to introduce new ipsec.conf keywords, pass them via starter and stroke and finally store them on the peer_cfg [1]. Then we could read these values in the task manager [2]. No rocket-science, but needs some work.

While implementing IKEv1 DPD, we have added a connection specific DPD timeout option to the peer_cfg. It is currently used for IKEv1 only, and overrides the cumulative timeout to detect a dead peer. It does not affect retransmission, but only the timeout.

Maybe we should use a similar behavior for IKEv2. This would be at least somewhat more congruent, and brings connection specific DPD timeout.

Regards
Martin

[1] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/config/peer_cfg.h;h=57215350566fded3f5c0c33c5d6e145639ff706c;hb=HEAD#l97
[2] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/sa/ikev2/task_manager_v2.c;h=81367d21c8156b33c53124756644e503dde21d02;hb=HEAD#l1497
