Issue #825
closeaction and dpdaction difference
Description
I want an IPsec VPN to reconnect automatically when it breaks. In ipsec.conf, the dpdaction = restart configuration can achieve this, but what is the difference between dpdaction and closeaction?
History
#1 Updated by shuai yu over 10 years ago
I want an IPsec VPN to reconnect automatically when it breaks. In ipsec.conf, the dpdaction = restart configuration can achieve this, but what is the difference between dpdaction and closeaction?
#2 Updated by Martin Willi over 10 years ago
- Status changed from New to Feedback
Hi,
The dpdaction triggers only if a peer does not respond. The closeaction does not guarantee that a tunnel keeps up, but just that it gets recreated if it is actively deleted by the peer. There are other error conditions that can result in a connection drop; there is no simple mechanism to keep the tunnel up.
What usually works best is to use auto=route for your connection. The kernel will (re-)trigger the connection if it failed for whatever reason, and ensures that no traffic passes unencrypted. If that does not work for you, the only option currently is to use an external tool to monitor your tunnels.
Regards
Martin
#3 Updated by shuai yu over 10 years ago
Thank you! auto = route is better than the auto = start I used to use.
ipsec.conf
dpdaction=restart
closeaction=restart
keyingtries=%forever
We set this up (to make the IPsec VPN reconnect automatically when it breaks). What is wrong?
#4 Updated by Tobias Brunner about 10 years ago
- Status changed from Feedback to Closed
- Assignee set to Martin Willi
- Resolution set to No feedback
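An added example, not part of the original thread or of strongSwan itself: a watchdog of the kind reply #2 calls an "external tool". It treats a connection as up only when `ipsec status` lists an INSTALLED CHILD_SA for it, and otherwise runs `ipsec up`. The connection name `site-a`, the 30-second interval and the sample status text are constructed, and the parser assumes CHILD_SA lines of the form `name{N}:  INSTALLED, ...`.

```shell
#!/bin/sh
# Tunnel watchdog (added example). CONN is a hypothetical connection name
# taken from the "conn" section of ipsec.conf.
CONN="${CONN:-site-a}"

# Constructed sample of `ipsec status` output, used to exercise the parser.
SAMPLE_STATUS='Security Associations (1 up, 0 connecting):
      site-a[3]: ESTABLISHED 5 minutes ago, 192.0.2.1[192.0.2.1]...198.51.100.1[198.51.100.1]
      site-a{4}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c0000001_i c0000002_o
      site-a{4}:   10.1.0.0/24 === 10.2.0.0/24'

# child_sa_installed NAME
# Reads status text on stdin and succeeds only if a line "NAME{n}: INSTALLED"
# is present. An IKE_SA line ("NAME[n]: ESTABLISHED") or a trap policy from
# auto=route ("NAME{n}: ROUTED") does not count as a working tunnel.
# The name is compared as a plain string, so "site" never matches "site-a".
child_sa_installed() {
    awk -v name="$1" '
        { id = $1 }
        sub(/[{][0-9]+[}]:$/, "", id) && id == name && $2 ~ /^INSTALLED/ { found = 1 }
        END { exit !found }
    '
}

# check_tunnel NAME
# Returns 0 if the CHILD_SA is installed; otherwise logs, asks the daemon to
# bring the connection up again, and returns 1.
check_tunnel() {
    if ipsec status "$1" 2>/dev/null | child_sa_installed "$1"; then
        return 0
    fi
    logger -t ipsec-watchdog "CHILD_SA for $1 not installed, running ipsec up"
    ipsec up "$1" >/dev/null 2>&1
    return 1
}

# Run as: CONN=site-a ./watchdog.sh --watch
if [ "${1:-}" = "--watch" ]; then
    while :; do
        check_tunnel "$CONN" || true
        sleep 30
    done
fi
```

Because the check keys on the CHILD_SA rather than the IKE_SA, it also catches the case where the IKE_SA is still listed as ESTABLISHED but no tunnel is installed.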