[Openswan Users] dpdaction=clean Ineffective.
Paul Wouters
paul at xelerance.com
Fri Jan 20 05:42:41 CET 2006
On Thu, 19 Jan 2006, Agent Smith wrote:
> conn L2TPM
>     type=tunnel
>     authby=rsasig
>     dpdaction=clear
>     left=x.x.x.x
>     leftid=@vpn.company.domain
>     leftrsasigkey=%cert
>     leftcert=servercert10.pem
>     leftprotoport=17/1701
>     right=%any
>     rightsubnet=vhost:%all
>     rightprotoport=17/1701
>     rightrsasigkey=%cert
>
> I connect over L2TP fine, everything works but after I
> disconnect, I still have the eroute showing up in the
> 'ipsec eroute' output.
>
> Isn't dpdaction=clear supposed to delete the
> eroute?
Yes, if you do not use auto=start. Since you left out the auto=
rule, I cannot see that.
> where do I configure the dpd timeout?
From the man page:

    dpdtimeout  Set the length of time (in seconds) we will idle without
                hearing either an R_U_THERE poll from our peer, or an
                R_U_THERE_ACK reply. After this period has elapsed with
                no response and no traffic, we will declare the peer
                dead, and remove the SA (default 120 seconds). If dpddelay
                is set, but not dpdtimeout, dpdtimeout will be set to
                the default.

Yes. You can get some more debugging by using plutodebug=dpd
> I tried deleting eroute manually but that looked like
You should not do that.
Paul
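
The settings discussed in this thread, combined into one ipsec.conf fragment. This is an added example, not part of the original message or of the poster's configuration; the dpddelay value and the choice of auto=add are assumptions, and dpdtimeout is shown at the default quoted from the man page.

```conf
# ipsec.conf fragment (added example; values marked "assumed" are not from the thread)

config setup
    # Extra DPD logging from pluto, as suggested in the reply above
    plutodebug=dpd

conn L2TPM
    type=tunnel
    authby=rsasig
    left=x.x.x.x
    leftid=@vpn.company.domain
    leftrsasigkey=%cert
    leftcert=servercert10.pem
    leftprotoport=17/1701
    right=%any
    rightsubnet=vhost:%all
    rightprotoport=17/1701
    rightrsasigkey=%cert

    # Dead Peer Detection timers, set explicitly.
    # dpddelay: seconds between R_U_THERE polls (assumed value)
    dpddelay=30
    # dpdtimeout: seconds without R_U_THERE / R_U_THERE_ACK and without
    # traffic before the peer is declared dead (120 is the man page default)
    dpdtimeout=120
    # On a dead peer, remove the SA and its eroute
    dpdaction=clear

    # Load the connection and wait for the peer to initiate (assumed choice).
    # The reply above says dpdaction=clear removes the eroute only when
    # auto=start is not used.
    auto=add
```

After the client disconnects and dpdtimeout elapses, `ipsec eroute` should no longer list the peer's entry; the plutodebug=dpd log lines show the polls and the timeout decision.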