[Openswan Users] Routing Issue

Luis Nagaki luis.nagaki at gmail.com
Tue Jun 5 20:08:37 EDT 2012


I do get in the secure log DPD=NONE, but I don't think that is the same
as dpdaction, right?

On Tue, Jun 5, 2012 at 7:43 PM, Luis Nagaki <luis.nagaki at gmail.com> wrote:
> I actually found a site that had a howto for an iPhone setup, which is
> not what I want, but I followed it but still nothing works.
>
> I have in my vpnclient.conf file, on the client and server side,
> dpdaction=restart_by_peer because I have auto=start.
>
> When I reboot or restart the service on the client side, the routes
> are gone. It's not until I reboot the service on the server that the
> routes come back =|.. I'm ALMOST there.. just need to fix this one
> thing.
>
> On Tue, Jun 5, 2012 at 7:18 PM, David McCullough
> <david_mccullough at mcafee.com> wrote:
>> Jivin Luis Nagaki lays it down ...
>>> How do I turn it on? I've looked around for this option with no luck :/
>>
>> You need to set "dpdaction" to restart_by_peer for any end-points
>> with "auto = start",  and set it to "clear" for any with "auto = add".
>>
>> The basic idea is that if the end point you are configuring knows the IP
>> address of the remote end point,  then you want restart_by_peer,  otherwise
>> you want clear.
>>
>> You can change the timeouts for DPD if you want but I would just go with
>> the defaults for now,  see here:
>>
>>        http://linux.die.net/man/5/ipsec.conf
>>
>> Look for dpddelay, dpdtimeout and dpdaction.
>>
>> Cheers,
>> Davidm
>>
>>>
>>>
>>>
>>> On Jun 5, 2012, at 6:54 PM, David McCullough
>>> <david_mccullough at mcafee.com> wrote:
>>>
>>> >
>>> > Jivin Luis Nagaki lays it down ...
>>> >> Ok everything is working..
>>> >>
>>> >> But.. final thing..
>>> >>
>>> >> IF I have the clients connected, and I reboot a client... once it
>>> >> comes back online the tunnel is created, I can ping the VPN Server
>>> >> internally. BUT I cannot ping the client UNLESS I restart the ipsec
>>> >> service. I don't want to do this every time I lose a connection etc.
>>> >
>>> > Do you have dead peer detection enabled ?  If not that should solve it for
>>> > you,
>>> >
>>> > Cheers,
>>> > Davidm
>>> >
>>> > --
>>> > David McCullough,      david_mccullough at mcafee.com,  Ph:+61 734352815
>>> > McAfee - SnapGear      http://www.mcafee.com         http://www.uCdot.org
>>>
>>>
>>
>> --
>> David McCullough,      david_mccullough at mcafee.com,  Ph:+61 734352815
>> McAfee - SnapGear      http://www.mcafee.com         http://www.uCdot.org
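
The rule David gives in the thread (dpdaction=restart_by_peer with auto=start, dpdaction=clear with auto=add), as an added example that is not part of the original messages: a small Python check that parses an ipsec.conf and reports conn sections whose dpdaction does not match their auto setting. The sample config and conn names are constructed, and the parser assumes plain conn sections plus conn %default; it does not follow also= or include lines.

```python
# Constructed sample ipsec.conf; conn names are made up for this example.
SAMPLE = """\
conn %default
    dpdaction=clear

conn site-to-hq
    auto=start
    dpdaction=restart_by_peer

conn roadwarriors
    auto=add            # inherits dpdaction=clear from %default

conn branch
    auto=start          # also inherits clear, which breaks the rule
"""

# Rule from the thread: auto=start -> restart_by_peer, auto=add -> clear.
EXPECTED = {"start": "restart_by_peer", "add": "clear"}

def parse_conns(text):
    """Return {conn_name: {key: value}} with 'conn %default' merged in."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented = section header
            kind, name = (line.split(None, 1) + [""])[:2]
            current = conns.setdefault(name, {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip().strip('"')
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in conns.items()}

def check_dpd(text):
    """Return [(conn, problem)] for conns whose dpdaction breaks the rule."""
    findings = []
    for name, opts in parse_conns(text).items():
        want = EXPECTED.get(opts.get("auto"))
        have = opts.get("dpdaction")
        if want and have != want:
            findings.append((name, f"auto={opts['auto']} has dpdaction={have}, expected {want}"))
    return findings

if __name__ == "__main__":
    for conn, problem in check_dpd(SAMPLE):
        print(f"{conn}: {problem}")
```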

