[Openswan dev] DPD issue with multiple tunnels between two peers
mcr at xelerance.com
Mon Jul 9 11:44:17 EDT 2007
>>>>> "Mark-Andre" == Mark-Andre Hopf <mhopf at innominate.com> writes:
Mark-Andre> On Fri 06.07. 08:56, Michael Richardson wrote:
Mark-Andre> Was the 'restart_by_peer' option problematic or
Mark-Andre> developing a fix? I see
>> I don't know what a "restart_by_peer" option is.
Mark-Andre> Oh, sorry. I just saw that 'restart_by_peer' was part of
Mark-Andre> the OCF patch
Mark-Andre> (What had a feature like that to do in the OCF

I have no idea. We didn't merge that file.

Mark-Andre> It causes Openswan to restart all connections to the
Mark-Andre> same peer in case DPD becomes active. Without it, only
Mark-Andre> the connection owning the active ISAKMP SA is restarted
Mark-Andre> while the others remain dead until the keys expire.

2.5.0 has the same functionality. It does DPD on the phase 1, not the
phase 2, performing whatever actions are necessary on all phase 2s.

] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [