Displaying 3 results from an estimated 3 matches for "dpdtimeout".
2016 Feb 09
4
OpenSwan Drop Out Issue
...etime=8h
left=1.1.1.1
right=2.2.2.2
leftsubnets={x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24}
rightsubnets={x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24}
pfs=yes
auto=start
authby=secret
dpddelay=30
dpdtimeout=120
dpdaction=hold
phase2alg=aes256-sha1;modp1536
phase2=esp
ike=aes256-sha1;modp1536
It's mirrored exactly the same on the other side.
I have tried changing the dead peer detection timeout to something high (5
minutes), and removing it completely (which I beli...
2016 Feb 17
2
Openswan <-> VyOS
...kelifetime=2h
left=<VYOS IP>
right=<OPENSWAN IP>
leftsubnets={
10.1.1.0/24,10.1.2.0/24,10.1.3.0/24,10.1.4.0/24,10.1.5.0/24}
rightsubnets={10.2.1.0/24,10.2.2.0/24,10.2.3.0/24,10.2.4.0/24}
auto=start
authby=secret
dpddelay=30
dpdtimeout=120
dpdaction=hold
phase2alg=aes256-sha1;modp1536
phase2=esp
ike=aes256-sha1;modp1536
Our VyOS configuration is posted in the above forum post, except now I have
followed their advice and created 20 tunnels (each subnet to each subnet,
if that makes sense).
However...
2016 Feb 09
0
OpenSwan Drop Out Issue
...gt;
>
> leftsubnets={x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24}
>
>
> rightsubnets={x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24}
> pfs=yes
> auto=start
> authby=secret
> dpddelay=30
> dpdtimeout=120
> dpdaction=hold
> phase2alg=aes256-sha1;modp1536
> phase2=esp
> ike=aes256-sha1;modp1536
>
> It's mirrored exactly the same on the other side.
>
> I have tried changing the dead peer detection timeout to something high (5
> minutes...