[Openswan Users] ike and netfilter timeout

Marco Berizzi pupilla at hotmail.com
Tue Jan 15 07:31:02 EST 2008


Paul Wouters wrote:

> On Tue, 15 Jan 2008, Marco Berizzi wrote:
>
> > I would like to know if there is a way to
> > configure openswan to send some kind of
> > ike keepalive packets, so netfilter will
> > not delete the entries for udp 500 from
> > /proc/net/nf_conntrack.
> > DPD isn't an option because it only sends
> > the ike packets if there is no traffic
> > inside the tunnel (no ESP packets).
>
> Don't you only care about this behind NAT, so then you are using
> port 4500, which also sees the NAT IKE keepalives if there is
> no traffic?

Not only behind NAT. Please see:

http://lists.netfilter.org/pipermail/netfilter-devel/2006-March/023736.html



