[Swan] Problem with NAT and Dynamic IP address change
heiko.helmle at horiba.com
Fri Jun 26 08:16:27 EEST 2015
> dpddelay=30
> dpdtimeout=120
> dpdaction=clear
...
> 000 #1262: "blackswan"[5] 86.181.114.105:4500 STATE_MAIN_R3 (sent MR3,
> ISAKMP SA established); EVENT_SA_REPLACE in 630s; newest ISAKMP;
> lastdpd=2640s(seq in:22161 out:0); idle; import:not set
...
This is something I've seen pretty often too. Shouldn't this SA have been
deleted a long time ago, with a DPD action (clear) being long overdue?
Because AFAIU this is what keeps the other gateway from initiating a new
one.
My hardware gateways act this way, but libreswan does not. And this
mismatch in behaviour keeps connections in a broken state for quite some
time if the SAs have long lifetimes.
Best Regards
Heiko
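
Added example, not part of the original message and not libreswan code: a Python check that scans `ipsec status` state lines in the format quoted above and reports SAs whose `lastdpd` age exceeds the configured `dpdtimeout`. The function name, the regex, the second and third sample lines, and the reading of a negative `lastdpd` as "no DPD exchange recorded" are assumptions.

```python
import re

# Matches one state line in the form quoted in the post, joined onto a single line.
STATE_RE = re.compile(
    r'^000 #(?P<serial>\d+): "(?P<conn>[^"]+)"(?:\[\d+\])? '
    r'(?P<peer>\S+) (?P<state>STATE_\w+).*?lastdpd=(?P<lastdpd>-?\d+)s'
)


def overdue_dpd_states(status_text, dpdtimeout):
    """Return the states whose last DPD exchange is older than dpdtimeout seconds."""
    overdue = []
    for line in status_text.splitlines():
        m = STATE_RE.match(line.strip())
        if not m:
            continue  # not a state line, or no lastdpd field on it
        age = int(m.group("lastdpd"))
        if age < 0:
            continue  # assumption: negative means no DPD exchange recorded yet
        if age > dpdtimeout:
            overdue.append({
                "serial": int(m.group("serial")),
                "conn": m.group("conn"),
                "peer": m.group("peer"),
                "state": m.group("state"),
                "lastdpd": age,
            })
    return overdue


# First line: the state quoted in the post. The other two are constructed samples.
SAMPLE_STATUS = "\n".join([
    '000 #1262: "blackswan"[5] 86.181.114.105:4500 STATE_MAIN_R3 (sent MR3, '
    'ISAKMP SA established); EVENT_SA_REPLACE in 630s; newest ISAKMP; '
    'lastdpd=2640s(seq in:22161 out:0); idle; import:not set',
    '000 #1301: "blackswan"[6] 192.0.2.10:4500 STATE_MAIN_R3 (sent MR3, '
    'ISAKMP SA established); EVENT_SA_REPLACE in 2900s; newest ISAKMP; '
    'lastdpd=12s(seq in:301 out:0); idle; import:not set',
    '000 #1302: "blackswan"[7] 192.0.2.11:4500 STATE_MAIN_R3 (sent MR3, '
    'ISAKMP SA established); EVENT_SA_REPLACE in 3100s; newest ISAKMP; '
    'lastdpd=-1s(seq in:0 out:0); idle; import:not set',
])

if __name__ == "__main__":
    # dpdtimeout=120 is the value from the quoted configuration.
    for s in overdue_dpd_states(SAMPLE_STATUS, dpdtimeout=120):
        print(f'#{s["serial"]} {s["conn"]} {s["peer"]} {s["state"]}: '
              f'lastdpd={s["lastdpd"]}s exceeds dpdtimeout')
```

Run against live output, it lists the states that are in the condition described in the message, so they can be compared with what the peer gateway still holds.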