Hi Kalyani, strongSwan uses NAT detection payloads in INFORMATIONAL messages with RFC 4555 MOBIKE which is enabled by default. See
https://tools.ietf.org/html/rfc4555#section-3.8 Regards Andreas On 12.01.2018 07:16, Kalyani Garigipati (kagarigi) wrote: > Hi, > > > > Thanks a lot for the reply. It worked. I see the dpd triggering now. > > > > I am working on a case when dpd from strongswan sends the nat detection > payloads. > > I wanted to know upon which conditions strongswan would send dpd request > with nat_detection_src_ip and nat_detection_dst_ip. > > > > Is it done only in specific case like when strongswan is behind the nat > ? and strongswan is in remote-access-client ? > > > > Regards, > > kalyani > > > > *From:*bls s [mailto:bl...@outlook.com] > *Sent:* Friday, January 12, 2018 6:40 AM > *To:* Kalyani Garigipati (kagarigi) <kagar...@cisco.com>; > users@lists.strongswan.org > *Subject:* RE: [strongSwan] dpd not getting triggered > > > > By default dpdaction=none, which disables sending dpd messages. > > > > *From: *Kalyani Garigipati (kagarigi) <mailto:kagar...@cisco.com> > *Sent: *Thursday, January 11, 2018 10:47 AM > *To: *users@lists.strongswan.org <mailto:users@lists.strongswan.org> > *Subject: *[strongSwan] dpd not getting triggered > > > > Hi, > > I am using strongswan version 5.6.1 > I found that even though I configured dpd using dpddelay and dpdtimeout, > dpd is not getting triggered from strongswan client at all even though > there is no traffic passing. > Please let me know how to debug this. > > > config setup > charondebug=all > # crlcheckinterval=600 > # strictcrlpolicy=yes > # cachecrls=yes > # nat_traversal=yes > # charonstart=no > > conn %default > ikelifetime=100m > keylife=20m > rekeymargin=8m > keyingtries=1 > authby=psk > keyexchange=ikev2 > ike=aes256-sha256-modp1024 > esp=3des-sha1 > mobike=yes > dpddelay=5s > dpdtimeout=150s > > # Add connections here. > > # Add connections here. > conn net-net > left=10.127.47.104 > leftsubnet=10.127.47.104/32 > leftid=10.127.47.104 > right=10.104.108.110 > rightsubnet=10.104.108.110/32 > rightid=10.104.108.110 > auto=start > > ~ > Regards, > kalyani > -- ====================================================================== Andreas Steffen andreas.stef...@strongswan.org strongSwan - the Open Source VPN Solution! www.strongswan.org Institute for Networked Solutions HSR University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[INS-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature