Keeping the discussion ---------- Forwarded message ---------- From: Tobias Brunner <[email protected]> Date: Tue, Feb 12, 2013 at 5:15 PM Subject: Re: [strongSwan] issue when configuring dpdaction=restart in ipsec.conf To: bhargav p <[email protected]> Cc: [email protected]
Hi Bhargav, Please keep the discussion on the mailing list. > I am using quite older version. > strongSwan 4.3.6 > > One more doubt: > Can you tell what exactly this dpdaction=restart does. Is there any > dependency for auto=route and dpdaction=restart. dpdaction=restart reestablishes a CHILD_SA if the other peer seems to be dead (DPD = Dead Peer Detection). With IKEv2 for every request retransmits will be sent if no response is received within a certain time (see [1] for configuration options). After a configurable number of failed tries the other peer is considered dead and the action configured with dpdaction is performed. If the dpddelay option is larger than 0 empty INFORMATIONAL exchanges will be initiated at the configured interval to verify that the other peer is still alive. Please have a look at the documentation at [2] for details. And no, auto=route and dpdaction=restart are not strictly related but with auto=route dpdaction=clear might be sufficient as matching traffic will reestablish the SA anyway. Regards, Tobias [1] http://wiki.strongswan.org/projects/strongswan/wiki/Retransmission [2] http://wiki.strongswan.org/projects/strongswan/wiki/ConnSection -- Regards _______________________________________________ Puvvada Bhargav R&D Engineer | NOKIA SIEMENS NETWORKS* India* | Bangalore Mob. + 919741040458 [email protected]
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
