[Swan] dpd question
Kostya Vasilyev
kman at fastmail.com
Fri Feb 1 17:41:30 UTC 2019
Hello,
I've got a question about dpd.
Right now I see the following scenario with libreswan:
- If a remote connection goes away
- The server starts trying to connect (with an increasing interval)
- The max interval is reached
- And then instead of deleting the connection (to which there never was a response) - the connection cycle starts over

"mytunnel" #24: STATE_MAIN_I1: retransmission; will wait 32 seconds for response
pending IPsec SA negotiation with 89.0.0.1 "mytunnel" took too long -- replacing phase 1
"mytunnel" #21: STATE_MAIN_I1: 60 second timeout exceeded after 7 retransmits. No response (or no acceptable response) to our first IKEv1 message
"mytunnel" #21: starting keying attempt 2 of an unlimited number
"mytunnel" #22: initiating Main Mode to replace #21
"mytunnel" #21: deleting state (STATE_MAIN_I1) and NOT sending notification
"mytunnel" #22: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
"mytunnel" #22: STATE_MAIN_I1: retransmission; will wait 1 seconds for response

My .conf file includes these:
dpddelay=30
dpdtimeout=120
dpdaction=clear

Why do connection attempts start over again (and the connection is not cleared)?
--
Kostya Vasilyev
kman at fastmail.com