[Swan-dev] more examples of weird options
Paul Wouters
paul at nohats.ca
Thu Oct 30 19:33:45 EET 2014
example #1:
conn foo
    rekey=no
    auto=add
admin runs: ipsec auto --up foo
This connection will die when the lifetime is reached. That might not be
obvious to the admin.
example #2:
conn foo
    rekey=no
    auto=start
This connection will work for 1h when you boot the machine, then die.
example #3:
conn foo
    rekey=no
    dpdaction=restart
This actually turns into a warning and gets changed to dpdaction=hold
example #4:
conn foo
rekey=yes
auto=add
This connection actually does not come up at boot unless the other end
does. (and it doesn't even prevent packet leaks)
example #5
conn foo
    keyingtries=3
    rekey=no
What does this even mean? If you run ipsec auto --up it will try and if
failing, will try two more times in the background, then give up forever.
example #6
conn foo
    keyingtries=0
    rekey=no
admin runs ipsec auto --up, now it basically retries forever, but if it
comes up will work once and then stop after the one hour and fail.
What does this even mean? If you run ipsec auto --up it will try and if
failing, will try two more times in the background, then give up
forever.
example #7
conn foo
    dpdaction=hold
    auto=add
    keyingtries=0
etc etc. lots of methods to make a connection really inconsistent.
Paul
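
An added example, not part of the original post and not libreswan code: a small linter that reads ipsec.conf-style text and flags the option combinations from examples #1 to #6. The function names, messages and sample config are constructed for illustration, and it assumes plain conn sections with indented key=value lines (no also= or conn %default handling).

```python
import re

# Combinations taken from the examples in the post; the messages paraphrase
# the post and are not libreswan's own diagnostics.
RULES = [
    (lambda o: o.get("rekey") == "no" and o.get("auto") in ("add", "start"),
     "rekey=no with auto={auto}: connection dies when the lifetime is reached"),
    (lambda o: o.get("rekey") == "no" and o.get("dpdaction") == "restart",
     "rekey=no with dpdaction=restart: gets changed to dpdaction=hold"),
    (lambda o: o.get("rekey") == "yes" and o.get("auto") == "add",
     "rekey=yes with auto=add: not up at boot unless the other end initiates"),
    (lambda o: o.get("rekey") == "no" and "keyingtries" in o,
     "keyingtries={keyingtries} with rekey=no: retries only cover bring-up"),
]

def parse_conns(text):
    """Return {conn_name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        m = re.match(r"conn\s+(\S+)$", line)      # section header at column 0
        if m:
            current = conns.setdefault(m.group(1), {})
        elif line[:1].isspace() and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip().lower()] = value.strip().lower()
        elif line and not line[0].isspace():
            current = None                        # other section, e.g. config setup
    return conns

def lint(text):
    findings = []
    for name, opts in parse_conns(text).items():
        for matches, message in RULES:
            if matches(opts):
                findings.append((name, message.format_map(opts)))
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
conn boot
    rekey=no
    auto=start
conn ok
    rekey=yes
    auto=start
"""
if __name__ == "__main__":
    for name, msg in lint(SAMPLE):
        print(f"conn {name}: {msg}")
```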