[Openswan Users] Left side does not detect disconnection
Paul Wouters
paul at xelerance.com
Mon Nov 21 23:32:10 EST 2011
On Mon, 21 Nov 2011, Erich Titl wrote:
>> dpdaction=restart_by_peer will restart connection in case of disconnect
>> automatically.
>
> Just to feed my interest
>
> - is it possible to have sub_second intervals for dpd?

No. That's like playing Russian roulette with a fully loaded gun.

> - have you ever tried dpddelay=0 and dpdtimeout=1

A value of 0 is likely to mean "disabled". At best it is "unspecified".

> from http://www.openswan.org/docs/local/README.DPD
>
> The dpdaction parameter controls what we do when a peer is determined to
> be dead. If set to "hold" (the default) it will place the eroute into
> %hold status, and wait for the peer to return. If set to "clear" it will
> remove the connection entirely, including both the SA and eroute.
>
> where are the other parameter values documented?

In the man page for ipsec.conf:

    dpdaction
        When a DPD enabled peer is declared dead, what action should be
        taken. hold (default) means the eroute will be put into %hold
        status, while clear means the eroute and SA will both be cleared.
        restart means the SA will immediately be renegotiated, and
        restart_by_peer means that ALL SA's to the dead peer will be
        renegotiated.

dpdaction=clear is really only useful on the server of a Road
Warrior config.
Paul
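
Added example, not part of the original message and not Openswan code: a small checker that reads ipsec.conf text and flags the DPD settings discussed in this thread (a zero or sub-second dpddelay/dpdtimeout, a dpdaction outside the four documented values, and dpdaction=clear on a connection that does not look like a Road Warrior server). The names parse_conns, check_dpd and SAMPLE are hypothetical; it assumes the timers are written as plain integer seconds and treats left/right=%any as the sign of a Road Warrior server side.

```python
ACTIONS = {"hold", "clear", "restart", "restart_by_peer"}  # values named in the man page text

# Constructed sample configuration; addresses are documentation ranges.
SAMPLE = """\
conn site-a
    right=198.51.100.7
    dpddelay=0
    dpdtimeout=1
    dpdaction=restart_by_peer
conn site-b
    right=198.51.100.9
    dpddelay=0.5
    dpdaction=clear
conn roadwarriors
    right=%any
    dpdaction=clear
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments and trailing space
        if line and not line[0].isspace():  # unindented line starts a new section
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def check_dpd(text):
    """Return (conn, message) findings for the DPD settings the thread warns about."""
    findings = []
    for name, opts in parse_conns(text).items():
        for key in ("dpddelay", "dpdtimeout"):
            val = opts.get(key)
            # Assumption: timers are plain integer seconds; 0 and fractions are flagged.
            if val is not None and not (val.isdigit() and int(val) > 0):
                findings.append((name, f"{key}={val}: use whole seconds above 0"))
        action = opts.get("dpdaction")
        if action is not None and action not in ACTIONS:
            findings.append((name, f"dpdaction={action}: not a documented value"))
        # Heuristic (assumption): a Road Warrior server has left or right set to %any.
        if action == "clear" and "%any" not in (opts.get("left"), opts.get("right")):
            findings.append((name, "dpdaction=clear without a %any peer"))
    return findings
```

Calling check_dpd(SAMPLE) returns one finding for site-a, two for site-b and none for roadwarriors.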