[Openswan dev] DPD issue with multiple tunnels between two peers
mcr at xelerance.com
Mon Jul 9 14:48:58 EDT 2007
>>>>> "Venkat" == Venkat Yekkirala <vyekkirala at TrustedCS.com> writes:
Venkat> But seems like only on all phase 2s for the connection
Venkat> owning the phase 1 in question. Any phase 2s belonging to
Venkat> other connections to the same peer (with the phase 1 SA not
Venkat> being around) could be left lying around until they expire.
You can't have multiple phase 1s to the same peer with different IDs.
(it's a bug, perhaps)
Venkat> I am running into a similar problem, but with the DPD action
Venkat> set to "clear". When a peer goes down unexpectedly, DPD on
Venkat> the phase 1 and RELATED phase 2s get cleared fine, but I
Venkat> still have other phase 2s belonging to a different
Venkat> connection to the same peer lying around without a phase 1,
Venkat> resulting in the following:
I'd have to see your entire configuration.
In general, you can't have multiple phase 1s.
Venkat> 1. Openswan seems to be negotiating a Phase 1 each for each
Venkat> connection even when the connections are all to the same
Venkat> peer. Is this the expected behaviour?
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [