[Openswan Users] keepalives?
andreas.steffen at strongsec.net
Wed Feb 9 16:44:48 CET 2005
NAT keep alive packets have nothing to do with Dead Peer Detection.
If NAT traversal has been activated by setting
then by default every 20 seconds a 1 byte-sized UDP/4500 datagram
is sent in order to refresh the table entry in the NAT-router.
The keep_alive value can be explicitly set in the config setup section:
Tomasz Grzelak wrote:
> When a vpn client (native xp+sp2) is connected to the server (openswan 2.2.0),
> I can see with 'tcpdump' incoming packets. Let's assume a client is behind
> NAT, and he has just established a connection with the server, but he isn't
> doing anything else.
> 'tcpdump' is showing short incoming udp packets once a half a minute
> statistically. I assume these are the keepalive packets.
> Am I right?
> What option in the ipsec.conf file is responsible for how often these
> keepalives are sent?
> I wanted to have them every 3 seconds, so I set 'dpddelay' to 3 but there was
> no difference.
> Maybe I've made a mistake thinking that way...
> Is 'dpddelay' responsible for the keepalives? And if not, waht option is?
> Users mailing list
> Users at openswan.org
Andreas Steffen e-mail: andreas.steffen at strongsec.com
strongSec GmbH home: http://www.strongsec.com
Alter Zürichweg 20 phone: +41 1 730 80 64
CH-8952 Schlieren (Switzerland) fax: +41 1 730 80 65
==========================================[strong internet security]===
More information about the Users