[Openswan Users] Routing Issue

David McCullough david_mccullough at mcafee.com
Tue Jun 5 19:18:14 EDT 2012


Jivin Luis Nagaki lays it down ...
> How do I turn it on? I've looked around for this option with no luck :/

You need to set "dpdaction" to restart_by_peer for any end-points
with "auto = start", and set it to "clear" for any with "auto = add".

The basic idea is that if the end point you are configuring knows the IP
address of the remote end point, then you want restart_by_peer, otherwise
you want clear.

You can change the timeouts for DPD if you want but I would just go with
the defaults for now, see here:

	http://linux.die.net/man/5/ipsec.conf

Look for dpddelay, dpdtimeout and dpdaction.

Cheers,
Davidm

> On Jun 5, 2012, at 6:54 PM, David McCullough
> <david_mccullough at mcafee.com> wrote:
> 
> >
> > Jivin Luis Nagaki lays it down ...
> >> Ok everything is working..
> >>
> >> But.. final thing..
> >>
> >> IF I have the clients connected, and I reboot a client... once it
> >> comes back online the tunnel is created, I can ping the VPN Server
> >> internally. BUT I can not ping the client UNLESS I restart the ipsec
> >> service. I don't want to do this every time I lose a connection etc.
> >
> > Do you have dead peer detection enabled?  If not that should solve it for
> > you,
> >
> > Cheers,
> > Davidm
> >
> > --
> > David McCullough,      david_mccullough at mcafee.com,  Ph:+61 734352815
> > McAfee - SnapGear      http://www.mcafee.com         http://www.uCdot.org
> 
> 

-- 
David McCullough,      david_mccullough at mcafee.com,  Ph:+61 734352815
McAfee - SnapGear      http://www.mcafee.com         http://www.uCdot.org
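
Added example (not part of the original message and not Openswan code): a small Python check that applies the dpdaction rule from the reply above to an ipsec.conf, including values inherited from "conn %default". The sample config, its connection names and addresses are constructed, and "also=" includes are not followed.

```python
import re

EXPECTED = {"start": "restart_by_peer", "add": "clear"}  # rule from the reply

# Constructed sample config; conn names and addresses are made up.
SAMPLE_CONF = """\
config setup
    protostack=netkey
conn %default
    dpdaction=clear
conn site-to-hq      # we initiate, peer address known
    right=192.0.2.10
    auto=start
conn roadwarriors    # we wait for peers
    right=%any
    auto = add
conn branch
    right=192.0.2.20
    dpdaction=restart_by_peer
    auto=start
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # section header at column 0
            kind, *rest = line.split()
            current = conns.setdefault(rest[0], {}) if kind == "conn" and rest else None
        elif current is not None:              # indented key=value inside a conn
            m = re.match(r"\s+([\w-]+)\s*=\s*(.*)", line)
            if m:
                current[m.group(1)] = m.group(2).strip().strip('"')
    return conns

def check_dpdaction(text):
    """List (conn, auto, found, expected) for conns that break the rule."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})
    problems = []
    for name, params in conns.items():
        merged = {**defaults, **params}        # conn %default is inherited
        want = EXPECTED.get(merged.get("auto"))
        if want and merged.get("dpdaction") != want:
            problems.append((name, merged["auto"], merged.get("dpdaction"), want))
    return problems
```

On the sample, the only finding is "site-to-hq", which inherits "clear" from "conn %default" while using "auto=start".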

