[Openswan dev] DPD issue with multiple tunnels between two peers
Michael Richardson
mcr at xelerance.com
Mon Jul 9 11:44:17 EDT 2007
>>>>> "Mark-Andre" == Mark-Andre Hopf <mhopf at innominate.com> writes:
Mark-Andre> On Fri 06.07. 08:56, Michael Richardson wrote:
Mark-Andre> Was the 'restart_by_peer' option problematic or
Mark-Andre> developing a fix? I see
>> I don't know what a "restart_by_peer" option is.
Mark-Andre> Oh, sorry. I just saw that 'restart_by_peer' was part of
Mark-Andre> the OCF patch
Mark-Andre> ocf-openswan-v245rc6-20060331.diff
Mark-Andre> (What had a feature like that to do in the OCF
Mark-Andre> patch...?)
I have no idea. We didn't merge that file.
Mark-Andre> It causes Openswan to restart all connections to the
Mark-Andre> same peer in case DPD becomes active. Without it, only
Mark-Andre> the connection owning the active ISAKMP SA is restarted
Mark-Andre> while the others remain dead until the keys expire.
2.5.0 has the same functionality. It does DPD on the phase 1, not the
phase 2, performing whatever actions are necessary on all phase 2s.
--
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [