[Openswan Users] Re: need help related to DPD
Paul Wouters
paul at xelerance.com
Fri Mar 24 16:19:53 CET 2006
On Fri, 24 Mar 2006, utkarsh shah wrote:
> i would like to know exact difference between dpdaction=hold/clear/restart
from the ipsec.conf man page:
dpdaction When a DPD enabled peer is declared dead, what action
should be taken. hold (default) means the eroute will
be put into %hold status, while clear means the eroute
and SA with both be cleared. dpdaction=clear is really
only usefull on the server of a Road Warrior config.
> if we select type=tunnel at one end and transport at other, based on initiator it selects type.. does it allow such behaviour.
Please first try to just specify the proper type of the tunnel, so if you use
transport mode, please use type=transport. In pre 2.4.5rcX versions, there
was a bug with combining type=transport and rightsubnet=vhost:%priv which is
needed for NAT-T. In that case, you may comment out type=transport, but when
you upgrade, you will have to put it back in.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list