[Openswan Users] ike and netfilter timeout

Paul Wouters paul at xelerance.com
Tue Jan 15 07:10:34 EST 2008


On Tue, 15 Jan 2008, Marco Berizzi wrote:

> I would like to know if there is a way to
> configure openswan to send some kind of
> ike keepalive packets, so netfilter will
> not delete the entries for udp 500 from
> /proc/net/nf_conntrack.
> DPD isn't an option because it only sends
> the ike packets if there is no traffic
> inside the tunnel (no ESP packets).

Don't you only care about this behind NAT, so then you are using
port 4500, which also sees the NAT IKE keepalives if there is
no traffic?

Paul

