<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#333399">
On Mon, 18 Oct 2004, Matthew Claridge wrote:
<br>
<blockquote
cite="midPine.LNX.4.61.0410181733220.3469@expansionpack.xtdnet.nl"
type="cite"><br>
<blockquote type="cite">Is the DPD support built into Openswan 2.2
universal, i.e. can it successfully detect a dead peer IF that peer
isn't running openswan, or does it rely on receiving the correct
responses from another openswan 2.2 system?
<br>
</blockquote>
<br>
DPD support has to be announced via the proper vendor-id. Then the
other
<br>
end can pick it up and use it. Both ends need to announce this
seperately,
<br>
and both sides can decide independantly whether or not to use DPD.
<br>
Currently in openswan we do not announce our capability of DPD if we
did not
<br>
configure it to use it ourselves, which is technically wrong. We should
<br>
always announce it, even it we do not want to do DPD itself, and let
the
<br>
remote peer make its own decision.
<br>
<br>
I made that change in HEAD a few weeks ago, but this prompted a
discussion
<br>
on how to disable this feature per connection, for instance for known
broken
<br>
remote's that would kill the connection. It also raised the question
wether
<br>
the dpdaction= and other keywords should actually be changed into a
left/right
<br>
version of those. We do not yet know which way we want to go.
<br>
<br>
So I believe if you use HEAD, you get the RFC behaviour, but if you use
<br>
anything else, you have to configure DPD yourself so the remote end can
see
<br>
the DPD announcement and can be configured to use DPD as well.
<br>
<br>
Paul
<br>
<br>
_____________________________________________________________________
<br>
This e-mail has been scanned for viruses by MCI's Internet Managed
Scanning Services - powered by MessageLabs. For further information
visit <a class="moz-txt-link-freetext" href="http://www.mci.com">http://www.mci.com</a>
<br>
</blockquote>
<font size="-1">thanks Paul. It seems to work fine.<br>
<br>
Matt<br>
</font>
</body>
</html>