[Openswan dev] DPD issue with multiple tunnels between two peers
Michael Richardson
mcr at xelerance.com
Mon Jul 9 14:48:58 EDT 2007

>>>>> "Venkat" == Venkat Yekkirala <vyekkirala at TrustedCS.com> writes:
Venkat> But seems like only on all phase 2s for the connection
Venkat> owning the phase 1 in question. Any phase 2s belonging to
Venkat> other connections to the same peer (with the phase 1 SA not
Venkat> being around) could be left lying around until they expire.

You can't have multiple phase 1s to the same peer with different IDs.
(it's a bug, perhaps)

Venkat> I am running into a similar problem, but with the DPD action
Venkat> set to "clear". When a peer goes down unexpectedly, DPD on
Venkat> the phase 1 and RELATED phase 2s get cleared fine, but I
Venkat> still have other phase 2s belonging to a different
Venkat> connection to the same peer lying around without a phase 1,
Venkat> resulting in the following:

I'd have to see your entire configuration.
In general, you can't have multiple phase 1s.

Venkat> 1. Openswan seems to be negotiating a Phase 1 each for each
Venkat> connection even when the connections are all to the same
Venkat> peer. Is this the expected behaviour?

No.

- --
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [