[Openswan dev] dpdaction=restart

Michael Richardson mcr at sandelman.ottawa.on.ca
Tue Nov 14 23:52:08 EST 2006



When openswan has determined that a tunnel is down by DPD, but it has
not yet been able to renegotiate it, do you expect to see:
    a)  %trap
    b)  previous tunnel SA

%trap indicates to everyone that the tunnel is down. Maybe even
eventually to routing.  

Previous tunnel SA being left in place means that perhaps some data will
in fact get through, if the reason for the DPD failure is more
QoS/congestion or UDP blockage than anything else. (Not very likely for
anything involving a NAT, since the ESP will be UDP too then...)

Opinions please.

-- 
]            Bear: "Me, I'm just the shape of a bear."          |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [





