[Openswan Users] Question on DPD
Nick Howitt
n1ck.h0w1tt at gmail.com
Wed Nov 23 03:48:38 EST 2011
Paul,
As a follow-up, once a dead peer is detected, does Openswan reread the
conn just once until it is re-established, or does it re-read it every
dpdtimeout/dpddelay until the conn is re-established? I am wondering
about the time it can take for the Dynamic DNS system to propagate any
IP/FQDN changes.
Regards,
Nick
On 22/11/2011 17:11, Paul Wouters wrote:
> On Tue, 22 Nov 2011, Nick Howitt wrote:
>
>> I have a conn with the far end on a (not very) dynamic IP which I know
>> is not ideal. I would like to initiate the conn from my end so I have
>> "right=far.end.fqdn" which is fine and works until the far IP changes.
>> If the far IP changes I don't think using dpdaction=restart will
>> re-evaluate the fqdn. Is this correct? If that is the case do I need a
>> watching script to detect when a change of IP happens? ipsec.secrets is
>> fine as I use @rightid.
>
> In modern versions with the USE_DYNAMICDNS enabled (the default) it should
> do that. Are you sure the configured DNS server is not behind the tunnel
> that just died?
>
> Paul