[Openswan Users] keepalives?

Tomasz Grzelak tgrzelak at wktpolska.com.pl
Thu Feb 10 08:24:54 CET 2005

Dnia czwartek, 10 lutego 2005 00:05, Jacco de Leeuw napisał:
> Tomasz Grzelak wrote:
> > When a vpn client (native xp+sp2) is connected to the server (openswan
> > 2.2.0), I can see with 'tcpdump' incoming packets. Let's assume a client
> > is behind NAT, and he has just established a connection with the server,
> > but he isn't doing anything else.
> >
> > 'tcpdump' is showing short incoming udp[4500] packets once a half a
> > minute statistically. I assume these are the keepalive packets.
> I don't think you are using L2TP/IPsec 
   What do you think by this?? I don't get it, but in my oppinion I am using    
L2TP/IPSec... And I am rather sure about that :)

> but there are plenty of keep-alive 
> packets in that protocol. Most people enable the 'Client for Microsoft
> Networks' in the TCP/IP settings. That generates lots of periodic SMB
> traffic (for better or for worse). The L2TP connection itself sends a HELLO
> packet every 60 seconds, with an empty data packet as response. And pppd
> can be configured to send echo packets and drop the connection if the peer
> appears to be dead (see lcp-echo-failure and lcp-echo-interval in man
> pppd).

you're right about those keepalives, there may be, but 'man ipsec.conf' also 
says something about keepalives through 'dpd*' options. I thought of the udp 
packets as of ipsec keepalives... maybe I thought wrong, I don't know yet.


More information about the Users mailing list