Re: [Openswan dev] DPD issue with multiple tunnels between two peers
Michael Richardson <mcr <at> xelerance.com>
2007-07-09 15:44:17 GMT
>>>>> "Mark-Andre" == Mark-Andre Hopf <mhopf <at> innominate.com> writes:
Mark-Andre> On Fri 06.07. 08:56, Michael Richardson wrote:
Mark-Andre> Was the 'restart_by_peer' option problematic or
Mark-Andre> developing a fix? I see
>> I don't know what a "restart_by_peer" option is.
Mark-Andre> Oh, sorry. I just saw that 'restart_by_peer' was part of
Mark-Andre> the OCF patch
Mark-Andre> ocf-openswan-v245rc6-20060331.diff
Mark-Andre> (What had a feature like that to do in the OCF
Mark-Andre> patch...?)
I have no idea. We didn't merge that file.
Mark-Andre> It causes Openswan to restart all connections to the
Mark-Andre> same peer in case DPD becomes active. Without it, only
Mark-Andre> the connection owning the active ISAKMP SA is restarted
Mark-Andre> while the others remain dead until the keys expire.
2.5.0 has the same functionality. It does DPD on the phase 1, not the
phase 2, performing whatever actions are necessary on all phase 2s.
--
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr <at> xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [