[Openswan Users] dpdaction=clean Ineffective.

Paul Wouters paul at xelerance.com
Fri Jan 20 05:42:41 CET 2006

On Thu, 19 Jan 2006, Agent Smith wrote:

> conn    L2TPM
>         type=tunnel
>         authby=rsasig
>         dpdaction=clear
>         left=x.x.x.x
>         leftid=@vpn.company.domain
>         leftrsasigkey=%cert
>         leftcert=servercert10.pem
>         leftprotoport=17/1701
>         right=%any
>         rightsubnet=vhost:%all
>         rightprotoport=17/1701
>         rightrsasigkey=%cert
> I connect over L2TP fine, everything works but after I
> disconnect, I still have the eroute showing up in the
> 'ipsec eroute' output.
> shouldn't the dpdaction=clear suppose to delete the
> eroute?

Yes, if you do not use auto=start. Since you left out the auto=
rule, I cannot see that.

> where do I configure the dpd timeout?

>From the man page:

       dpdtimeout    Set the length of time (in seconds) we will idle  without
                     hearing  either  an  R_U_THERE  poll from our peer, or an
                     R_U_THERE_ACK reply.  After this period has elapsed  with
                     no  response  and  no  traffic,  we will declare the peer
                     dead, and remove the SA (default 120 seconds).  If dpdde-
                     lay is set, but not dpdtimeout, dpdtimeout will be set to
                     the default.

Yes. You check get some more debugging by using plutodebug=dpd

> I tried deleting eroute manually but that looked like

You should not do that.


More information about the Users mailing list