[Swan] DPD not working

Paul Wouters paul at nohats.ca
Fri May 3 14:53:03 UTC 2019


On Fri, 3 May 2019, Nick Howitt wrote:

> but here is the whole log.

That's not a DPD issue, it is the auto=start + receiving delete issue.

Your connection receives a delete and is deleted. So you have no active
states, no IKE SA so no DPDs. It should have checked the auto=start
value, and does not realise it needs to start a new negotiation. A fix
for that is in git master and will be part of 3.28. Unfortunately, we
had a bandaid fix first, and then we removed the bandaid for a proper
fix that also prevents an IKE storm (e.g. receiving delete, initiate,
establish, receive delete, initiate, ....) so I have no easy commit
for you to reference. But if you look through "git log" of the master
tree, search for "revive" to find all related commits. Or wait for
3.28 to be released next week.

Paul

