[Swan-dev] Fwd: dpddelay and dpdtimeout processing
Tuomo Soini
tis at foobar.fi
Fri Feb 17 12:38:48 UTC 2017
On Fri, 17 Feb 2017 13:36:08 +0100
Oleg Rosowiecki <orosowiecki at gmail.com> wrote:
> The auto= setting indeed implies what the desired dpdaction would be,
> but...
>
> What about a more elaborate scenario when you need to have a
> connection ready, but not start it right away (e.g. when you need to
> flip tunnels on the fly)? My first thought would be to configure the
> initiator using auto=add + dpdaction=restart. This is what I actually
> do during my tests that involve embedded equipment, where Libreswan
> is only part of the whole infrastructure.
>
> If course, we could explicitly --add/--delete/--replace connections
> in this case...
auto=add + ipsec auto --up == auto=start.
auto=add in template type connection is different from auto=add in
static connection.
--
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
More information about the Swan-dev
mailing list