[Openswan Users] Tunnel goes down for no reason

Paul Wouters paul at xelerance.com
Mon Sep 10 16:36:27 EDT 2007


On Mon, 10 Sep 2007, Roland Plüss wrote:

> > If you define dpdaction= and dpdtimeout=, then DPD is enabled.
> >
> Tried this out. Unfortunately it doesn't work. Today the tunnel has been
> down again: hard. I had to restart ipsec/openswan 3 times on each side
> before the connection went up again. Is openswan not safe against a
> changing IP? I know one side is currently a joy killer since the IP is
> dynamic but if I have to manually log in both machines to bring the
> tunnel ( which should be up all time ) then this is a problem. Any ideas
> why DPD could fail to work?

Both ends need to support and enable DPD for it to get enabled on an SA.

Paul

-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


More information about the Users mailing list