[Openswan Users] keepalives?
Andreas Steffen
andreas.steffen at strongsec.net
Wed Feb 9 16:44:48 CET 2005
NAT keep alive packets have nothing to do with Dead Peer Detection.
If NAT traversal has been activated by setting
config setup
nat_traversal=yes
then by default every 20 seconds a 1 byte-sized UDP/4500 datagram
is sent in order to refresh the table entry in the NAT-router.
The keep_alive value can be explicitly set in the config setup section:
config setup
nat_traversal=yes
keep_alive=<seconds>
Pozdrowienia
Andreas
Tomasz Grzelak wrote:
> Hello!
>
> When a vpn client (native xp+sp2) is connected to the server (openswan 2.2.0),
> I can see with 'tcpdump' incoming packets. Let's assume a client is behind
> NAT, and he has just established a connection with the server, but he isn't
> doing anything else.
>
> 'tcpdump' is showing short incoming udp[4500] packets once a half a minute
> statistically. I assume these are the keepalive packets.
> Am I right?
>
> What option in the ipsec.conf file is responsible for how often these
> keepalives are sent?
> I wanted to have them every 3 seconds, so I set 'dpddelay' to 3 but there was
> no difference.
>
> Maybe I've made a mistake thinking that way...
> Is 'dpddelay' responsible for the keepalives? And if not, waht option is?
>
> Regards!
> Tom
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
--
=======================================================================
Andreas Steffen e-mail: andreas.steffen at strongsec.com
strongSec GmbH home: http://www.strongsec.com
Alter Zürichweg 20 phone: +41 1 730 80 64
CH-8952 Schlieren (Switzerland) fax: +41 1 730 80 65
==========================================[strong internet security]===
More information about the Users
mailing list