[Openswan Users] Prevent Connection Timeout

Paul Wouters paul at xelerance.com
Thu Jan 25 10:33:39 EST 2007


On Thu, 25 Jan 2007, Sebastian Ries wrote:

> > > yes, dpdaction=restart is valid. I'll add it to the man page.
> Hmmm... not really...
> Jan 25 17:18:06 atomium ipsec__plutorun: whack error: "net-to-net" dpdaction
> can only be "clear" or "hold", defaulting to "hold"
> Jan 25 17:18:06 atomium ipsec__plutorun: ...could not add conn "net-to-net"
>
> As I mentioned this is OpenSwan 2.2 (Debian Sarge packages)

*sigh*

Yes. Debian security insists on sticking with 2.2. It's stupid. We tried to
convince them, and explained our versioning scheme, and told them they are
shipping a broken version with known DoS attacks. But they refuse to update
to a newer version, and no one is backporting all the serious fixes needed
for 2.2.

Though in this case, it is a new feature, and it was introduced in 2.3.1,
and fixed in 2.4.1 and 2.4.6.


Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

