[Openswan Users] dead peer detection - does it work??
antonio silva
tony at gaveta.net
Thu Jan 31 07:13:43 EST 2008
Hi to all members of the openswan main list.
I'm having a huge problem... I was able to get openswan working between
two debian machines, across the internet and directly connected.
The problem is related to "dead peer detection". If I close the connection
"marces", I lose the connection to the other pc (sol - 192.168.10.1). I
have already waited at least 1h to check whether at some point the routes
that send the traffic to the tunnel disappear, but nothing. To get the
connection back I need to restart or stop ipsec on "sol".
What I have seen is that when I close the connection on the left side, the
right side doesn't get the command to bring down the connection or the
command to unroute the respective routes already created.
I don't know if it makes any difference, but I'm using netkey.
Can anybody help me to solve this problem?
Declaration of one side of the connection:
conn marces
    pfs=no
    type=tunnel
    auto=add
    auth=esp
    authby=secret
    left=192.168.10.1
    leftnexthop=%direct
    leftid=@sol
    leftupdown=/opt/commsmundi/htdocs/networking/scripts/monitor_vpn.sh
    right=192.168.10.25
    rightid=@marces
    rightupdown=/opt/commsmundi/htdocs/networking/scripts/monitor_vpn_right.sh
    dpddelay=20
    dpdtimeout=30
    dpdaction=clear
Declaration of the other side:
conn tosol
    pfs=no
    type=tunnel
    auto=add
    auth=esp
    authby=secret
    left=192.168.10.25
    leftnexthop=%direct
    leftid=@marces
    leftupdown=/opt/commsmundi/htdocs/networking/scripts/monitor_vpn.sh
    right=192.168.10.1
    rightid=@sol
    rightupdown=/opt/commsmundi/htdocs/networking/scripts/monitor_vpn_right.sh
    dpddelay=20
    dpdtimeout=30
    dpdaction=clear
Thanks for the help :)
--
antonio silva