[Openswan Users] How to Completely disable DPD at Openswan configuration

Paul Wouters paul at xelerance.com
Mon Mar 7 19:33:01 EST 2011


On Mon, 7 Mar 2011, Subhasis Dasgupta wrote:

> I am trying to configure openswan IPSEC with a CISCO router. At the CISCO router side DPD has been disabled, and
> because of this my connection got dropped after a certain time. I want to disable the DPD setting at our OPENSWAN side.
> Can anybody suggest any path to solve this?
> 
> I have set dpdaction=restart and hold, but both are not working.

Note that DPD is unidirectional. Openswan always sends the DPD vendor ID to signify
it supports DPD. If the remote peer decides to use DPD, openswan will always answer
its DPD packets. You cannot disable this, as this is the RFC requirement for DPD. If
you announce it, you MUST answer.

However, the fact that the remote might be doing DPD and expects openswan to answer DPD
does not mean openswan itself is using DPD to the remote. In fact, it does not UNLESS
you specify both dpdtimeout and dpddelay options.

Paul
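
The rule described in the reply above (openswan only sends DPD probes when both dpddelay and dpdtimeout are specified) can be checked against a configuration file. The following is an added example, not part of the original message and not openswan code: the sample config, the connection names and the functions `parse_conns` and `dpd_report` are constructed for illustration, and inheritance is simplified to `conn %default` only (`also=` is not followed).

```python
import re

# Constructed sample ipsec.conf; names and addresses are made up for this example.
SAMPLE_CONF = """\
config setup
    protostack=netkey

conn %default
    dpddelay=30

conn to-cisco
    left=192.0.2.1
    right=198.51.100.1
    dpdaction=restart

conn to-branch
    left=192.0.2.1
    right=203.0.113.7
    dpdtimeout=120
    dpdaction=restart
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                         # header at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:        # indented key=value
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def dpd_report(text):
    """Per conn: is local DPD probing configured, and which option is missing."""
    conns = parse_conns(text)
    defaults = conns.get("%default", {})
    report = {}
    for name, params in conns.items():
        if name == "%default":
            continue
        eff = {**defaults, **params}                     # conn overrides %default
        missing = [k for k in ("dpddelay", "dpdtimeout") if not eff.get(k)]
        report[name] = {"dpd_active": not missing, "missing": missing,
                        "dpdaction": eff.get("dpdaction")}
    return report
```

In the sample, `to-cisco` sets dpdaction and inherits dpddelay but has no dpdtimeout, so it is reported as not probing, which matches the situation in the question where changing dpdaction alone had no effect.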

