[Openswan dev] DPD issue with multiple tunnels between two peers
Mark-Andre Hopf
mhopf at innominate.com
Tue Jul 10 05:31:12 EDT 2007
On Tue 10.07. 08:50, Benny Amorsen wrote:
> >>>>> "MR" == Michael Richardson <mcr at xelerance.com> writes:
>
> >>>>> "Benny" == Benny Amorsen <benny+usenet at amorsen.dk> writes:
>
> Benny> Which openswan releases have the restart_by_peer option? It
> Benny> seems to me that restart_by_peer is the right thing to do in
> Benny> all cases, so that dpdaction=restart should go away (or just be
> Benny> translated to restart_by_peer)
>
> MR> Restarting is not the right action all the time. Sometimes,
> MR> having the conn disappear is the right action.
>
> Wouldn't you pick dpdaction=clear or something in those cases? I'm
> only complaining about connections not being restarted when I
> explicitly set dpdaction=restart.
From RFC 3706:
After some number of retransmitted messages, an implementation SHOULD
assume its peer to be unreachable and delete IPSec and IKE SAs to the
peer.
--
Dipl.-Inf. Mark-André Hopf
Senior Software Engineer
Innominate Security Technologies AG
protecting industrial networks
tel: +49.30.6392-3284
fax: +49.30.6392-3307
Albert-Einstein-Str. 14
D-12489 Berlin, Germany
www.innominate.com
Register Court: AG Charlottenburg, HR B 81603
Management Board: Joachim Fietz, Dirk Seewald
Chairman of the Supervisory Board: Edward M. Stadum