[Openswan Users] Prevent Connection Timeout

Paul Wouters paul at xelerance.com
Thu Jan 25 10:33:39 EST 2007

On Thu, 25 Jan 2007, Sebastian Ries wrote:

> > > yes, dpdaction=restart is valid. I'll add it to the man page.
> Hmmm... not really...
> Jan 25 17:18:06 atomium ipsec__plutorun: whack error: "net-to-net" dpdaction
> can only be "clear" or "hold", defaulting to "hold"
> Jan 25 17:18:06 atomium ipsec__plutorun: ...could not add conn "net-to-net"
> As I mentioned this is OpenSwan 2.2 (Debian Sarge packages)


Yes. Debian security insists on sticking with 2.2. It's stupid. We tried to
convince them, and explained our versioning scheme, and told them they are
shipping a broken version with known DoS attacks. But they refuse to update
to a newer version, and no one is backporting all the serious fixes needed
for 2.2.

Though in this case, it is a new feature, and it was introduced in 2.3.1,
and fixed in 2.4.1 and 2.4.6.
