[Openswan Users] keepalives?
Jacco de Leeuw
jacco2 at dds.nl
Thu Feb 10 00:05:21 CET 2005
Tomasz Grzelak wrote:
> When a vpn client (native xp+sp2) is connected to the server (openswan 2.2.0),
> I can see with 'tcpdump' incoming packets. Let's assume a client is behind
> NAT, and he has just established a connection with the server, but he isn't
> doing anything else.
>
> 'tcpdump' is showing short incoming udp[4500] packets once a half a minute
> statistically. I assume these are the keepalive packets.
I don't think you are using L2TP/IPsec but there are plenty of keep-alive
packets in that protocol. Most people enable the 'Client for Microsoft
Networks' in the TCP/IP settings. That generates lots of periodic SMB traffic
(for better or for worse). The L2TP connection itself sends a HELLO packet
every 60 seconds, with an empty data packet as response. And pppd can be
configured to send echo packets and drop the connection if the peer appears
to be dead (see lcp-echo-failure and lcp-echo-interval in man pppd).
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list