On 2013-04-04 19:33, Andreas Steffen wrote:
> Hi Andreas,
>
> from your ipsec.conf file I see that you configured
>
>   dpddelay = 30s
>   dpdtimeout = 20s
>
> with dpdtimeout being shorter than dpddelay. This means that
> your connection restarts before the first DPD check happens.
> We recommend for dpdtimeout to be between 4-5 times higher
> than dpddelay, so that the connection is cut only if 4-5
> keep-alive packets are not received. In your case:
>
>   dpddelay = 30s
>   dpdtimeout = 150s

Thank you very much for that insight, that indeed seems to have solved the issue! We also had a connection to another site with dpddelay = 20s and dpdtimeout = 60s. Increasing that timeout to 120s seems to have helped against multiple "DPD: No response from peer - declaring peer dead" messages per day.

Thanks!
Andreas

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
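
As an added example (not part of the original thread and not strongSwan code): a small Python check that reads ipsec.conf-style text and lists connections whose dpdtimeout is less than four times dpddelay, the lower end of the ratio recommended above. The sample file, the conn names, the `conn %default` inheritance and the s/m/h/d suffix handling are assumptions of this example.

```python
import re

# Constructed sample in ipsec.conf syntax: conn names are made up, the DPD
# values are the before/after pairs mentioned in the thread.
SAMPLE_CONF = """\
conn %default
    dpddelay = 30s
conn site-a
    dpdtimeout = 20s     # shorter than the inherited dpddelay
conn site-a-fixed
    dpdtimeout = 150s
conn site-b
    dpddelay = 20s
    dpdtimeout = 60s
conn site-b-fixed
    dpddelay = 20s
    dpdtimeout = 120s
"""
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}

def seconds(value):
    """Convert a time value such as '30s' or '2m' to seconds."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value.strip())
    if not m:
        raise ValueError(f"unrecognised time value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def parse_conns(text):
    """Return {conn: {key: value}} with 'conn %default' settings inherited."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if line and not line[0].isspace():        # unindented: section header
            parts = line.split()
            current = conns.setdefault(parts[-1], {}) if parts[0] == "conn" else None
        elif current is not None and "=" in line:  # indented key = value
            key, _, val = line.partition("=")
            current[key.strip()] = val.strip()
    defaults = conns.pop("%default", {})
    return {n: {**defaults, **opts} for n, opts in conns.items()}

def check_dpd(text, min_ratio=4):
    """Return (conn, dpddelay, dpdtimeout) where timeout < min_ratio * delay."""
    findings = []
    for name, opts in parse_conns(text).items():
        if "dpddelay" in opts and "dpdtimeout" in opts:
            delay, timeout = seconds(opts["dpddelay"]), seconds(opts["dpdtimeout"])
            if timeout < min_ratio * delay:
                findings.append((name, delay, timeout))
    return findings
```

Connections that set only one of the two options are skipped rather than compared against assumed defaults.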
