[Openswan dev] [PATCH] Forget about NAT-T in DPD activity check

Paul Wouters paul at xelerance.com
Thu Oct 6 04:08:40 CEST 2005


On Wed, 28 Sep 2005, Herbert Xu wrote:

> I noticed that the DPD activity check became conditional on NAT-T.
> This is unnecessary because NAT-T already has its own keep-alive
> packets which are sent every 20 seconds.  In fact, if anything we
> should modify NAT-T's keep-alive to take into account traffic
> travelling in the same direction as the keep-alive before sending
> it.

I talked briefly with Michael about this. If I understood him correctly,
this is not the right thing to do. There is a difference in directions
with respect to DPD (which can happen in both directions or not) and
NAT-T. Also, apparently, NAT-T keepalives are sometimes eaten up instead
of passed along, in which case one might still want to use DPD to determine
if the tunnels are up or not.

Paul
-- 

"Happiness is never grand"

 	--- Mustapha Mond, World Controller (Brave New World)

