[Swan] DPD not working
Paul Wouters
paul at nohats.ca
Thu May 2 18:19:55 UTC 2019
On Thu, 2 May 2019, Nick Howitt wrote:
> I have an IKEv2 conn with one end behind NAT:
> Nat'd (remote):
> conn nick-ikev2
> type=tunnel
> authby=secret
> auto=start
> left=10.20.40.248
> leftsourceip=192.168.20.1
> leftsubnet=192.168.20.0/24
> leftid=@clearos_in_clearvm
> right=my.fqdn
> rightsubnet=172.17.2.0/24
> rightid=@nick
> ikev2=insist
> dpdaction=restart
> dpdtimeout=120
> dpddelay=30
Looks ok.
> Other (local) end:
> conn nick-ikev2
> type=tunnel
> authby=secret
> auto=add
> left=%any
> #left=209.90.117.194
> leftsubnet=192.168.20.0/24
> leftid=@clearos_in_clearvm
> right=%defaultroute
> rightsubnet=172.17.2.0/24
> rightsourceip=172.17.2.1
> rightid=@nick
> ikev2=insist
> dpdaction=restart
> dpdtimeout=120
> dpddelay=30
> rekey=no
auto=add with rekey=no should have dpdaction=clear and not restart, as
it cannot start to the endpoint behind NAT.
> Using libreswan-3.25-4.1.el7_6.x86_64.
Can you run with plutodebug=all then egrep -i dpd over the log?
Paul
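
The check suggested in the reply above, written as a small config lint. This is an added example, not part of the original thread and not libreswan code; the conn names in the sample are constructed (both conns in the thread share one name), and the rule encodes only the advice given here: a conn with auto=add and rekey=no should use dpdaction=clear, not restart.

```python
SAMPLE_CONF = """\
# constructed sample based on the two conns quoted in the thread
conn initiator-behind-nat
    auto=start
    left=10.20.40.248
    right=my.fqdn
    dpdaction=restart
    dpdtimeout=120
    dpddelay=30

conn responder
    auto=add
    left=%any
    #left=209.90.117.194
    right=%defaultroute
    dpdaction=restart
    dpdtimeout=120
    dpddelay=30
    rekey=no
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue                      # blank line or full-line comment
        if not raw[0].isspace():          # unindented line starts a section
            kind, _, name = stripped.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in stripped:
            key, _, value = stripped.partition("=")
            current[key.strip()] = value.strip()
    return conns

def dpd_findings(conns):
    """Flag answer-only conns (auto=add, rekey=no) that set dpdaction=restart."""
    findings = []
    for name, opts in conns.items():
        answer_only = opts.get("auto") == "add" and opts.get("rekey") == "no"
        if answer_only and opts.get("dpdaction") == "restart":
            findings.append((name, "dpdaction=restart with auto=add and rekey=no; use dpdaction=clear"))
    return findings

if __name__ == "__main__":
    for name, msg in dpd_findings(parse_conns(SAMPLE_CONF)):
        print(f"conn {name}: {msg}")
```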