[Swan] dpd question
Kostya Vasilyev
kman at fastmail.com
Fri Feb 1 17:51:21 UTC 2019
Oh and maybe it wasn't "connection going away" - maybe it was the server trying to establish the initial connection.
It's using IKEv1 - but the other side is set to use IKEv2 only.
In fact the connection is already up (using IKEv2).
Could this be the reason?
In any case, how do I stop these endless connection attempts?
--
Kostya Vasilyev
kman at fastmail.com
On Fri, Feb 1, 2019, at 8:41 PM, Kostya Vasilyev wrote:
> Hello,
>
> I've got a question about dpd.
>
> Right now I see the following scenario with libreswan:
>
> - If a remote connection goes away
> - The server starts trying to connect (with increasing interval)
> - The max interval is reached
> - And then instead of deleting the connection (to which there never was
> a response) - the connection cycle starts over
>
> "mytunnel" #24: STATE_MAIN_I1: retransmission; will wait 32 seconds for response
> pending IPsec SA negotiation with 89.0.0.1 "mytunnel" took too long -- replacing phase 1
> "mytunnel" #21: STATE_MAIN_I1: 60 second timeout exceeded after 7 retransmits. No response (or no acceptable response) to our first IKEv1 message
> "mytunnel" #21: starting keying attempt 2 of an unlimited number
> "mytunnel" #22: initiating Main Mode to replace #21
> "mytunnel" #21: deleting state (STATE_MAIN_I1) and NOT sending notification
> "mytunnel" #22: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
> "mytunnel" #22: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
>
> My .conf file includes these:
>
> dpddelay=30
> dpdtimeout=120
> dpdaction=clear
>
> Why do connection attempts start over again (and the connection not cleared)?
>
> --
> Kostya Vasilyev
> kman at fastmail.com