Anand Murali
2017-11-19 11:31:09 UTC
Hi,
I was checking how DPD works in the latest strongswan git.
DPD is sent using ike_sa->send_dpd() after a tunnel is established.
If the peer is not responding, retransmission_timeout happens for the tunnel and it closes. I have set dpdaction to restart.
From the ipsec.conf wiki, I saw that retransmit_timeout is used for DPD as well as all other messages.
In task_manager_v2->retransmit(), I cannot see any special condition for checking dpdaction.
There is a ike_sa->reestablish() but that is called by dpd_time_job, which is available for ikev1 only and IKE_DELETE job. For retransmit_timeout, there is no IKE_DELETE job being queued. We are doing only checkin_and_destroy.
May I know where dpdaction logic is implemented for ikev2 in our strongswan?
Thanks,
Anand