[Openswan Users] RE: DPD

Paul Wouters paul at xelerance.com
Wed Aug 9 23:22:55 EDT 2006 

On Thu, 10 Aug 2006, Shi Lang wrote:

> Both sites, I set auto=start, dpdaction I set both = clear or hold before,
> none of them works when I unplug the cable and wait for the timeout 120s, I
> re-plugin, won't be re-established.
>
> dpdaction=restart I did not try it, you mean for unplug cable case I need to
> use the restart for dpdaction? In which situation restart is needed to be
> used? Thanks

>From the man page:

       dpdaction     When a DPD enabled peer is  declared  dead,  what  action
                     should be taken.  hold (default) means the eroute will be
                     put into %hold status, while clear means the  eroute  and
                     SA  with  both be cleared. dpdaction=clear is really only
                     usefull on the server of a Road Warrior config.

And the man page is missing dpdaction=restart, which means to try and bring
the connection up again. hold is used to passively prevent packets from being
sent to the now broken tunnel. clear is used for roadwarriors, and basically
"forgets" all the information about the IP address that had the tunnel that
died.

> I found a typo mistake in README.DPD file (openswan-2.4.6): (
> The original:

> There are two dpdaction there, should be dydaction, dpddelay and dpdtimeout.

Fixed.

Paul

More information about the Users mailing list