Re: Director not sending icmp unreachable to expired clients

To:	Julian Anastasov <ja@xxxxxx>
Subject:	Re: Director not sending icmp unreachable to expired clients
Cc:	"LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From:	Janusz Krzysztofik <jkrzyszt@xxxxxxxxxxxx>
Date:	Tue, 13 Feb 2007 13:17:35 +0100

Julian Anastasov wrote:

        Hello,


Hi Julian,

        Any support for ISAKMP keep alives in your devices?

If you mean DPD (dead peer detect) - yes, it is supported (I useOpenSwan), but it does not work very well for me. In my case, severaltunnels can use the same ISAKMP association, and only one of them isremoved when the peer is assumed dead. Other tunnels stay on, ignoringICMP port unreachable messages my patched director is sending, untilthey expire.

My current workaround is not using DPD, but setting a short rekey period(15 mins or less).


Cheers,
Janusz

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Director not sending icmp unreachable to expired clients, Julian Anastasov Re: Director not sending icmp unreachable to expired clients, Janusz Krzysztofik <=

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: Throughput Issues, Joseph Mack NA3T
Next by Date:	Re: Redirection of packets based on source IP address, Martijn Grendelman
Previous by Thread:	Re: Director not sending icmp unreachable to expired clients, Julian Anastasov
Next by Thread:	Re: Redirection of packets based on source IP address, Joseph Mack NA3T
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: Throughput Issues, Joseph Mack NA3T

Next by Date:

Re: Redirection of packets based on source IP address, Martijn Grendelman

Previous by Thread:

Re: Director not sending icmp unreachable to expired clients, Julian Anastasov

Next by Thread:

Re: Redirection of packets based on source IP address, Joseph Mack NA3T

Indexes:

[Date] [Thread] [Top] [All Lists]