[Openswan Users] unroute on DPD

Roel van Meer roel.vanmeer at bokxing.nl
Fri Oct 19 10:28:45 EDT 2012


Hi list!

Q: is it possible to configure DPD in such a way that the connection gets 
unrouted if a peer is declared as dead?
As an alternative: how can I disable initiate on demand?

The reason behind my question is this: I have some Draytek Vigor routers 
connected to openswan. The drayteks are configured as outbound-only.
My connections are configured as 'auto=add' in openswan, so after a restart 
of openswan the connections are added but not routed, and the only way that 
a connection can be initiated is by the Draytek.

So far so good.

However, after a peer is declared dead by DPD, the connection is brought 
down, but it is still routed, so the next time a packet arrives for the 
draytek, openswan will try to initiate a connection. And that's what I 
don't want because that is the draytek's job.

I see two ways to achieve that:
a) unroute the connection if DPD says it's dead
b) disable initiate on demand, somehow.

Does anyone know how I can do either?

Thanks a lot,

Roel

