[Openswan Users] RE: DPD
Shi Lang
shilang at greenpacket.com
Thu Aug 10 05:04:45 EDT 2006
Hi Paul,
Both sites, I set auto=start, dpdaction I set both = clear or hold before,
none of them works when I unplug the cable and wait for the timeout 120s, I
re-plugin, won't be re-established.
dpdaction=restart I did not try it, you mean for unplug cable case I need to
use the restart for dpdaction? In which situation restart is needed to be
used? Thanks
########################
I found a typo mistake in README.DPD file (openswan-2.4.6): (
The original:
DPD support is tuneable on a per connection basis, using the dpdaction,
dpddelay and dpdaction directives. See also the ipsec.conf man page for
more information.
There are two dpdaction there, should be dydaction, dpddelay and dpdtimeout.
########################
Thanks
Regards,
Shi Lang
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Wednesday, August 09, 2006 10:43 PM
To: Shi Lang
Cc: users at openswan.org
Subject: Re: DPD
On Wed, 9 Aug 2006, Shi Lang wrote:
> Recently I upgrade my openswan, and two sites establish one Site-to-site
> VPN, both sites set the DPD=clear.
>
> I purposely unplug one Site server Ethernet cable, and I can see both site
> servers DPD clear SAs and unrouted.
>
> But the problem is when I re-plugin the cable, site-to-site will not be
> re-established. 'ipsec auto status' are still showing unrouted.
> I do not know is this the correct behavior or not for such case where
unplug
> the cable, dpd will not work in order to re-establish the Site-to-site
VPN.
Do you have:
auto=start
dpdaction=restart
on both ends?
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list