[Openswan Users] DPD / Multiple SA
Paul Wouters
paul at xelerance.com
Tue Nov 28 11:47:33 EST 2006
On Tue, 28 Nov 2006, Paul Wouters wrote:
[ DPD ]
> > What i can't understand, is why only one SA on the 5 SAs is brought up back, same for eroute, only one up, others are in hold or trap status...
> >
> > The renegotiation does not fail, it is simply not initiated :/
> >
> > I have seen in a recent post that we can adapt the _updown script to add "ipsec auto --replace conn" and "ipsec auto --up conn" but i did not succeed to find the correct way to achieve this :(
>
> I thought we recently added a fix for this. Perhaps it did not make it in 2.4.7.
> I'll get back to you on this one.
>
> Paul
Just to confirm, this will not be fixed in the 2.4 series. It has been fixed in
the 2.5 series, but the changes were significant enough that we don't want to
backport this to 2.4. We are hoping to switch the "stable" version of openswan
to the 2.5 series soon anyway.
Paul
More information about the Users
mailing list