[Openswan Users] Left side does not detect disconnection

Erich Titl erich.titl at think.ch
Tue Nov 22 13:57:22 EST 2011


on 22.11.2011 05:32, Paul Wouters wrote:
> On Mon, 21 Nov 2011, Erich Titl wrote:
>>> dpdaction=restart_by_peer will restart connection in case of disconnect
>>> automatically.
>> Just to feed my interest
>> - is is possible to have sub_second intervals for dpd?
> No. That's like playing russian roulette with a fully loaded gun.
>> - have you ever tried dpddelay=0 and dpdtimeout=1
> a value of 0 is likely to mean "disabled". At best it is "unspecified".

I want to detect lost connections as quickly as possible. I don't run a
current version so things may have become a lot more stable since I last

>> from http://www.openswan.org/docs/local/README.DPD
>> The dpdaction parameter controls what we do when a peer is determined to
>> be dead. If set to "hold" (the default) it will place the eroute into
>> %hold status, and wait for the peer to return.  If set to "clear" it will
>> remove the connection entirely, including both the SA and eroute.
>> where are the other parameter values documented?
> in the man page for ipsec.conf:
>        dpdaction
>            When a DPD enabled peer is declared dead, what action should be
>            taken.  hold (default) means the eroute will be put into %hold
>            status, while clear means the eroute and SA with both be
> cleared.
>            restart means the the SA will immediately be renegotiated, and
>            restart_by_peer means that ALL SA's to the dead peer will
>            renegotiated.
>            dpdaction=clear is really only useful on the server of a Road
>            Warrior config.

Thanks, my problem in this environment is that I am running openswan on
an embedded environment and there is no man page. Would it possible to
update the openswan web site with actual information?

> Paul

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2182 bytes
Desc: S/MIME Kryptografische Unterschrift
Url : http://lists.openswan.org/pipermail/users/attachments/20111122/01e71367/attachment.bin 

More information about the Users mailing list