[Openswan Users] Problem with DPD.
Anirudh Kamatgi
akamatgi at gmail.com
Thu Nov 6 10:19:41 EST 2008
Hi All,
I have a gateway-gateway tunnel setup using OpenSwan version 2.6.16 and have
DPD enabled with dpddelay=60, dpdtimeout=120 and dpdaction=hold.
I am facing a problem when I bring one end of the tunnel down( ipsec auto
--down 'tunnel name' followed by ipsec auto --delete 'tunnel name' ).
I was expecting the other end to detect the tunnel being down and the updown
script( I have configured my own updown script ) to get called, but this is
not happening.
ipsec auto --status on this gateway shows the last 2 lines as
"000 "sample": dpd: action:hold; delay:60; timeout:120;
000 "sample": newest ISAKMP SA: #0; newest IPsec SA: #0;"
The tunnel is obviously not established because there is no line containing
"IPsec SA established" anywhere in the output of ipsec auto --status.
My question is, why is the updown script not getting called in this case?
Any help will be appreciated.
Also, please tell me if any other info is needed.
thanks,
-anirudh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20081106/e652a8a9/attachment.html
More information about the Users
mailing list