[Openswan Users] Re: need help related to DPD

utkarsh shah utkarsh at elitecore.com
Sat Mar 25 10:17:08 CET 2006 

Hi,

    Thanks for your help.

    but actually i would like to know what is use of eroute putting it in
%hold status or when will it be put in normal status.

    and related to connection type i have sperified properconnection type
    i use Linux Openswan U2.4.4/K2.4.5rc4 (klips) version an config is like
        conn test
            type=transport
            left=182.7.7.254
            leftnexthop=182.7.7.1
    and at other side
        conn sanket_net
            type=tunnel
            left=181.7.7.2
            leftnexthop=181.7.7.1

    we don't require nat-t support.

    and can u suggest me configuration for a net-to-net scenatio where one
or both of server have private ip or both of them are behind NAT-Box.

    thanks

Regards,

Utkarsh Shah
----- Original Message ----- 
From: "Paul Wouters" <paul at xelerance.com>
To: "utkarsh shah" <utkarsh at elitecore.com>
Cc: <users at openswan.org>
Sent: Friday, March 24, 2006 8:49 PM
Subject: Re: need help related to DPD


>
> On Fri, 24 Mar 2006, utkarsh shah wrote:
>
> >     i would like to know exact difference between
dpdaction=hold/clear/restart
>
> from the ipsec.conf man page:
>
>        dpdaction     When a DPD enabled peer is declared  dead,  what
action
>                      should  be  taken.  hold (default) means the eroute
will
>                      be put into %hold status, while clear means  the
eroute
>                      and  SA  with both be cleared. dpdaction=clear is
really
>                      only usefull on the server of a Road Warrior config.
>
>
> >     if we select type=tunnel at one end and transport at other, based on
initiator it selects type.. does it allow such behaviour.
>
> Please first try to just specify the proper type of the tunnel, so if you
use
> transport mode, please use type=transport. In pre 2.4.5rcX versions, there
> was a bug with combining type=transport and rightsubnet=vhost:%priv which
is
> needed for NAT-T. In that case, you may comment out type=transport, but
when
> you upgrade, you will have to put it back in.
>
> Paul
> -- 
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>

More information about the Users mailing list