Hi Bhargav, Please keep the discussion on the mailing list.
> I am using quite older version. > strongSwan 4.3.6 > > One more doubt: > Can you tell what exactly this dpdaction=restart does. Is there any > dependency for auto=route and dpdaction=restart. dpdaction=restart reestablishes a CHILD_SA if the other peer seems to be dead (DPD = Dead Peer Detection). With IKEv2 for every request retransmits will be sent if no response is received within a certain time (see [1] for configuration options). After a configurable number of failed tries the other peer is considered dead and the action configured with dpdaction is performed. If the dpddelay option is larger than 0 empty INFORMATIONAL exchanges will be initiated at the configured interval to verify that the other peer is still alive. Please have a look at the documentation at [2] for details. And no, auto=route and dpdaction=restart are not strictly related but with auto=route dpdaction=clear might be sufficient as matching traffic will reestablish the SA anyway. Regards, Tobias [1] http://wiki.strongswan.org/projects/strongswan/wiki/Retransmission [2] http://wiki.strongswan.org/projects/strongswan/wiki/ConnSection _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
