[Openswan Users] dpdaction=clean Ineffective.
Peter McGill
petermcgill at goco.net
Fri Jan 20 09:52:46 CET 2006
Agent Smith:
>conn L2TPM
> type=tunnel
> authby=rsasig
> dpdaction=clear
> left=x.x.x.x
> leftid=@vpn.company.domain
> leftrsasigkey=%cert
> leftcert=servercert10.pem
> leftprotoport=17/1701
> right=%any
> rightsubnet=vhost:%all
> rightprotoport=17/1701
> rightrsasigkey=%cert
>
> shouldn't the dpdaction=clear suppose to delete the
> eroute? where do I configure the dpd timeout?
>From doc/README.DPD:
"Note that both sides must have either dpddelay or dpdtimeout set for DPD
to be proposed or accepted. If one directive is set but not the other,
the defaults are used (dpddelay=30, dpdtimeout=120)."
I don't see you using dpddelay or dpdtimeout in your conf, and according
to the doc's dpd isn't used unless you set one or both of them.
Check your logs for a line like:
Jan 16 14:00:27 sheridan pluto[1661]:
"sunoco-172-26-net-to-london-office-net" #
89: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x00227f92
<0xfa04790f
xfrm=3DES_0-HMAC_MD5 NATD=none DPD=enabled}
If dpd is on you should see the DPD=enabled at the end of the line.
Peter McGill
Software Developer / Network Administrator
Gra Ham Energy Limited
More information about the Users
mailing list