User manual
19: Configuring IPSec
_______________________________________________________________________________________________________
yes
9m
negotiate a replacement begin.
Relevant only locally, other end
need not agree on it Syntax:
timespec: 1d, 2h, 25m, 10s.
keyingtries integer
yes
3
Specifies how many attempts (a
positive integer or %forever)
should be made to negotiate a
connection, or a replacement for
one, before giving up. The value
%forever means 'never give up'.
Relevant only locally, other end
need not agree on it.
dpdaction string
string
none
Valid values are none, hold and
clear.
None: Disables dead peer
detection
Clear: Clear down the tunnel if
peer does not respond.
Reconnect when traffic brings the
tunnel up.
Hold: Clear down the tunnel and
bring up as soon as the peer is
available.
Restart: restarts DPD when no
activity is detected
dpddelay string
yes
30s
Defines the period time interval
with which R_U_THERE
messages/INFORMATIONAL
exchanges are sent to the peer.
These are only sent if no other
traffic is received.
Syntax: timespec: 1d, 2h, 25m,
10s.
dpdtimeout string
yes
150s
Defines the timeout interval,
after which all connections to a
peer are deleted in case of
inactivity.
Syntax: timespec: 1d, 2h, 25m,
10s.
A typical tunnel configuration is shown below.
Strongswan.@connection[0]=connection
Strongswan.@connection[0].type=tunnel
Strongswan.@connection[0].name=test
Strongswan.@connection[0].waniface=wan
Strongswan.@connection[0].localid=10.1.1.1
_______________________________________________________________________________________________________
© Virtual Access 2015
GW1000 Series User Manual
Issue: 2.4 Page 124 of 255