[Openswan Users] ike and netfilter timeout

Paul Wouters paul at xelerance.com
Wed Jan 16 05:38:00 EST 2008


On Wed, 16 Jan 2008, Marco Berizzi wrote:

> > don't you only care about this behind NAT, so then you are using
> > port 4500, which also sees the NAT IKE keepalives if there is
> > no traffic?
>
> Hi Paul.
> Thinking again about this issue.
> How about ikeping? Adding an option to
> ipsec.conf, something like ikeping=5min, so
> openswan sends an ikeping to the left/right
> IP address every five minutes. This would
> do the trick, wouldn't it?

You cannot use ikeping when you have an ike daemon running.

I still don't understand why you are 1) using NAT and 2) not having
enough with the keep-alives sent. If this is due to various NAT'ing
of IKE packets behind the IPsec gateway, then there is a problem
with your NAT rules.

Paul

