[Openswan Users] Problem with DPD.

Anirudh Kamatgi akamatgi at gmail.com
Fri Nov 7 07:38:22 EST 2008


On Thu, Nov 6, 2008 at 10:46 PM, Paul Wouters <paul at xelerance.com> wrote:

> On Thu, 6 Nov 2008, Anirudh Kamatgi wrote:
>
> > I have a gateway-gateway tunnel setup using OpenSwan version 2.6.16 and have
> > DPD enabled with dpddelay=60, dpdtimeout=120 and dpdaction=hold.
> > I am facing a problem when I bring one end of the tunnel down (ipsec auto
> > --down 'tunnel name' followed by ipsec auto --delete 'tunnel name').
>
> Using --down *informs* the other end that the tunnel is going down. It
> is not the same as crashing or unplugging the machine.

So, I understand that DPD is not involved when --down is used, but in case
of crashing or unplugging the machine,
the remote end detects that the tunnel is down through DPD.
Thanks for clarifying.

>
>
> > The tunnel is obviously not established because there is no line containing
> > "IPsec SA established" anywhere in the output of ipsec auto --status.
>
> It will also not be able to re-establish, since you --delete'ed the
> connection.

Sorry, I was not clear. I was looking at the logs on the other machine, let's
call it B (i.e. not the machine
where I --delete'ed the connection). On B, it looks like the IPsec SA was
deleted but the ISAKMP SA is still
not deleted.

>
> Paul
>