[Openswan Users] Question on the Docs
Paul Wouters
paul at xelerance.com
Fri Oct 9 17:34:44 EDT 2009
On Fri, 9 Oct 2009, Nick Howitt wrote:
>
> I've seen a number of messages which refer to documentation such as a
> recent one from Diego Rivera where he says " From the docs, it smells
> like restart is a subset of restart_by_peer.......". My question is
> "which docs"? I have looked through all the html docs in
> /usr/share/doc/openswan/...... and the only mention of DPD is in
> ipsec.conf(5) which does not mention the option restart_by_peer for
> dpdaction, so there must be some other documentation somewhere, but where?
It does in my copy of ipsec.conf(5)
dpdaction
When a DPD enabled peer is declared dead, what action should be
taken. hold (default) means the eroute will be put into %hold
status, while clear means the eroute and SA with both be cleared.
restart means the the SA will immediately be renegotiated, and
restart_by_peer means that ALL SA´s to the dead peer will
renegotiated.
> BTW, there is an error with the DPD documentation in ipsec.conf(5). If
> you use dpddelay, dpdtimeout is now mandatory and vice-versa. The conn
> will fail to load with an error message if only one of the options is
> present.
Thanks. I just fixed it in git, will be in the next release.
Paul
More information about the Users
mailing list