[Openswan Users] ike and netfilter timeout

Marco Berizzi pupilla at hotmail.com
Tue Jan 15 07:31:02 EST 2008

Paul Wouters wrote:

> On Tue, 15 Jan 2008, Marco Berizzi wrote:
> > I would like to know if there is a way to
> > configure openswan to send some kind of
> > IKE keepalive packets, so netfilter will
> > not delete the entries for udp 500 from
> > /proc/net/nf_conntrack.
> > DPD isn't an option because it only sends
> > the IKE packets if there is no traffic
> > inside the tunnel (no ESP packets).
> Don't you only care about this behind NAT, so then you are using
> port 4500, which also sees the NAT IKE keepalives if there is
> no traffic?

Not only behind NAT. Please see:

