[Openswan Users] keepalives?
Tomasz Grzelak
tgrzelak at wktpolska.com.pl
Thu Feb 10 08:24:54 CET 2005
Dnia czwartek, 10 lutego 2005 00:05, Jacco de Leeuw napisał:
> Tomasz Grzelak wrote:
> > When a vpn client (native xp+sp2) is connected to the server (openswan
> > 2.2.0), I can see with 'tcpdump' incoming packets. Let's assume a client
> > is behind NAT, and he has just established a connection with the server,
> > but he isn't doing anything else.
> >
> > 'tcpdump' is showing short incoming udp[4500] packets once a half a
> > minute statistically. I assume these are the keepalive packets.
>
> I don't think you are using L2TP/IPsec
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
What do you think by this?? I don't get it, but in my oppinion I am using
L2TP/IPSec... And I am rather sure about that :)
> but there are plenty of keep-alive
> packets in that protocol. Most people enable the 'Client for Microsoft
> Networks' in the TCP/IP settings. That generates lots of periodic SMB
> traffic (for better or for worse). The L2TP connection itself sends a HELLO
> packet every 60 seconds, with an empty data packet as response. And pppd
> can be configured to send echo packets and drop the connection if the peer
> appears to be dead (see lcp-echo-failure and lcp-echo-interval in man
> pppd).
you're right about those keepalives, there may be, but 'man ipsec.conf' also
says something about keepalives through 'dpd*' options. I thought of the udp
packets as of ipsec keepalives... maybe I thought wrong, I don't know yet.
Tom
More information about the Users
mailing list