26: Configuring IPSec
_______________________________________________________________________________________________________
_____________________________________________________________________________________________________
© Virtual Access 2017
GW1000 Series User Manual
Issue: 1.9 Page 226 of 350
Web: DPD Action
UCI: strongswan.@connection[X].dpdaction
Opt: dpdaction
Defines DPD (Dead Peer Detection) action.
Clear down the tunnel if peer does not respond.
Reconnect when traffic brings the tunnel up.
Clear down the tunnel and bring up as soon as
the peer is available.
Restarts DPD when no activity is detected.
Web: DPD Delay
UCI: strongswan.@connection[X].dpddelay
Opt: dpddelay
Defines the period time interval with which R_U_THERE
messages and INFORMATIONAL exchanges are sent to the
peer.
These are only sent if no other traffic is received.
Web: DPD Timeout
UCI: strongswan.@connection[X].dpdtimeout
Opt: dpdtimeout
Defines the timeout interval, after which all connections to a
peer are deleted in case of inactivity.
Web: n/a
UCI:
strongswan.@connection[X].inherit_child
Opt: inherit_child
Defines whether the existing phase two IPSEC SA is
maintained through IKE rekey for this tunnel. This is normally
set to match the behaviour on the IPSEC headend.
Delete the existing IPSEC SA on IKE rekey
Maintain the existing IPSEC SA on IKE rekey
Table 76: Information table for IPSec connections settings
26.2.5 Configure secrect settings
Each tunnel requires settings to configure how the local end point of the tunnel proves
its identity to the remote end point.
Figure 120: IPSec secrets settings
Web Field/UCI/Package Option
Web: Enabled
UCI: strongswan.@secret[X].enabled
Opt: enabled
Defines whether this set of credentials is to be used or not.
Web: ID selector
UCI: strongswan.@secret[X].idtype
Opt: idtype
Defines whether IP address or userfqdn is used.
Web: ID selector
UCI: strongswan.@secret[X].localaddress
Opt: localaddress
Defines the local address this secret applies to.
To Next Page
Loading...