[Openswan dev] DPD issue with multiple tunnels between two peers
Mark-Andre Hopf
mhopf at innominate.com
Fri Jul 6 09:17:50 EDT 2007
On Fri 06.07. 08:56, Michael Richardson wrote:
> Mark-Andre> Was the 'restart_by_peer' option problematic or
> Mark-Andre> developing a fix? I see
>
> I don't know what a "restart_by_peer" option is.
Oh, sorry. I just saw that 'restart_by_peer' was part of the OCF patch
ocf-openswan-v245rc6-20060331.diff
(What had a feature like that to do in the OCF patch...?)
It causes Openswan to restart all connections to the same peer in case
DPD becomes active. Without it, only the connection owning the active
ISAKMP SA is restarted while the others remain dead until the keys
expire.
Mark
--
mark-andre.hopf at innominate.com
senior software engineer innominate security technologies AG
development protecting industrial networks
tel: +49.30.6392-3284 fax: -3307 http://innominate.com
Go out and tell a lie that will make the whole family proud of you.
-- Cadmus, to Pentheus, in "The Bacchae" by Euripides