[Openswan Users] dpdaction=clean Ineffective.
pompase
pompase at pompase.net
Fri Jan 20 08:54:31 CET 2006
Apart from what you wrote Paul, I do not think that dpd will work. As far as
I remember Windows L2TP there is no dpd support. And in that case no dpd is
negotiated no matter what you configure at your connection, as it is
necessary that both sides agree about dpd.
Forget what I was writing about in case yo use any other L2TP implementation
that support dpd.
Matthias
On Fri, 20 Jan 2006 05:42:41 +0100 (CET), Paul Wouters wrote
> On Thu, 19 Jan 2006, Agent Smith wrote:
>
> > conn L2TPM
> > type=tunnel
> > authby=rsasig
> > dpdaction=clear
> > left=x.x.x.x
> > leftid=@vpn.company.domain
> > leftrsasigkey=%cert
> > leftcert=servercert10.pem
> > leftprotoport=17/1701
> > right=%any
> > rightsubnet=vhost:%all
> > rightprotoport=17/1701
> > rightrsasigkey=%cert
> >
> > I connect over L2TP fine, everything works but after I
> > disconnect, I still have the eroute showing up in the
> > 'ipsec eroute' output.
> >
> > shouldn't the dpdaction=clear suppose to delete the
> > eroute?
>
> Yes, if you do not use auto=start. Since you left out the auto=
> rule, I cannot see that.
>
> > where do I configure the dpd timeout?
>
> >From the man page:
>
> dpdtimeout Set the length of time (in seconds) we will
> idle without hearing either an R_U_THERE
> poll from our peer, or an R_U_THERE_ACK reply.
> After this period has elapsed with no response
> and no traffic, we will declare the peer
> dead, and remove the SA (default 120 seconds). If dpdde-
> lay is set, but not dpdtimeout, dpdtimeout will be set to
> the default.
>
> Yes. You check get some more debugging by using plutodebug=dpd
>
> > I tried deleting eroute manually but that looked like
>
> You should not do that.
>
> Paul
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
More information about the Users
mailing list