Hello Tobias

Also, we are using VICI

-----Original Message-----
From: Modster, Anthony 
Sent: Friday, April 21, 2017 9:24 AM
To: 'Tobias Brunner' <[email protected]>; Marc Obbad 
<[email protected]>; [email protected]
Subject: RE: [strongSwan] DPD issues when using multiple interfaces to same 
Gateway

Hello Tobias
See below

-----Original Message-----
From: Users [mailto:[email protected]] On Behalf Of Tobias 
Brunner
Sent: Friday, April 21, 2017 12:24 AM
To: Marc Obbad <[email protected]>; [email protected]
Subject: Re: [strongSwan] DPD issues when using multiple interfaces to same 
Gateway

Hi Marc,

> 1- Do DPD rules apply to individual tunnels? If one tunnel cannot 
> communicate with the Gateway but others are, what happens if the DPD timer 
> expires in only one of them?

Yes, they apply to each IKE_SA individually.
A.M. If DpdAction=clear, and multiple interfaces, after one DPD timer expires, it 
may not clear.
If DpdAction=clear, and single interface, after DPD timer expires, it does 
clear.

> 2- When we set the DPD action to restart, do we need to terminate the 
> current IKE after the DPD timer expires, or is it done automatically?

The SA will be automatically restarted.
A.M. After the restart and the interface comes back up, the tunnel indicates 
ESTABLISHED, but is not usable.

> 3- In our case DPD behavior depends on whether we have only one interface or 
> we have multiple interfaces connected to the same Gateway. It is working 
> when we have only one interface.

Not sure what you mean.

Regards,
Tobias

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users