[Openswan Users] keepalives?

Andreas Steffen andreas.steffen at strongsec.net
Wed Feb 9 16:44:48 CET 2005


NAT keep alive packets have nothing to do with Dead Peer Detection.
If NAT traversal has been activated by setting

config setup
        nat_traversal=yes

then by default every 20 seconds a 1 byte-sized UDP/4500 datagram
is sent in order to refresh the table entry in the NAT-router.

The keep_alive value can be explicitly set in the config setup section:

config setup
        nat_traversal=yes
        keep_alive=<seconds>

Regards

Andreas

Tomasz Grzelak wrote:
> Hello!
> 
> When a vpn client (native xp+sp2) is connected to the server (openswan 2.2.0), 
> I can see with 'tcpdump' incoming packets. Let's assume a client is behind 
> NAT, and he has just established a connection with the server, but he isn't 
> doing anything else.
> 
> 'tcpdump' is showing short incoming udp[4500] packets once a half a minute 
> statistically. I assume these are the keepalive packets.
> Am I right?
> 
> What option in the ipsec.conf file is responsible for how often these 
> keepalives are sent?
> I wanted to have them every 3 seconds, so I set 'dpddelay' to 3 but there was 
> no difference.
> 
> Maybe I've made a mistake thinking that way...
> Is 'dpddelay' responsible for the keepalives? And if not, what option is?
> 
> Regards!
> Tom


-- 
=======================================================================
Andreas Steffen                   e-mail: andreas.steffen at strongsec.com
strongSec GmbH                    home:   http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===
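
Added example, not part of the original message: a Python sketch that sorts UDP/4500 payloads into the kinds defined by RFC 3948, so the one-byte NAT keepalives can be told apart from IKE Informational exchanges (where DPD messages travel) and their interval measured. The function names and the sample capture are constructed for illustration; IKEv1 is assumed.

```python
import struct

NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948: four zero bytes precede IKE on UDP/4500
ISAKMP_HEADER_LEN = 28
IKEV1_INFORMATIONAL = 5               # exchange type that carries DPD notifies (RFC 3706)


def classify(payload: bytes) -> str:
    """Classify the UDP payload of one port-4500 datagram."""
    if payload == b"\xff":
        return "nat-keepalive"        # single 0xFF octet, refreshes the NAT mapping
    if payload[:4] == NON_ESP_MARKER:
        if len(payload) < 4 + ISAKMP_HEADER_LEN:
            return "unknown"
        version, exchange = payload[4 + 17], payload[4 + 18]
        if version >> 4 == 1 and exchange == IKEV1_INFORMATIONAL:
            return "ike-informational"  # encrypted; DPD R-U-THERE travels here
        return "ike"
    if len(payload) >= 8:
        return "esp-in-udp"           # non-zero SPI, then sequence number
    return "unknown"


def keepalive_intervals(capture):
    """Seconds between consecutive NAT keepalives in [(timestamp, payload), ...]."""
    times = [ts for ts, p in capture if classify(p) == "nat-keepalive"]
    return [round(b - a, 3) for a, b in zip(times, times[1:])]


def ike_packet(exchange):
    # Constructed ISAKMP header: cookies, next payload, version 1.0, type, flags, id, length
    body = b"\x00" * 12
    hdr = struct.pack("!8s8sBBBBII", b"I" * 8, b"R" * 8, 8, 0x10, exchange, 1, 0x1234,
                      ISAKMP_HEADER_LEN + len(body))
    return NON_ESP_MARKER + hdr + body


# Constructed capture: (seconds since start, UDP payload)
SAMPLE = [
    (0.0, b"\xff"),
    (3.0, ike_packet(IKEV1_INFORMATIONAL)),
    (7.5, struct.pack("!II", 0xC0FFEE01, 1) + b"\x00" * 16),
    (20.0, b"\xff"),
    (40.0, b"\xff"),
]

if __name__ == "__main__":
    for ts, p in SAMPLE:
        print(f"{ts:6.1f}s  {len(p):3d} bytes  {classify(p)}")
    print("keepalive intervals:", keepalive_intervals(SAMPLE))
```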
