/* start DPD checks */
if (this->peer_cfg->get_dpd(this->peer_cfg))
{
- send_dpd(this);
+ if (supports_extension(this, EXT_DPD))
+ {
+ send_dpd(this);
+ }
+ else
+ {
+ DBG1(DBG_IKE, "DPD not supported by peer, disabled");
+ }
}
}
break;
"charon.flush_auth_cfg", FALSE),
);
+ if (version == IKEV2)
+ { /* always supported with IKEv2 */
+ enable_extension(this, EXT_DPD);
+ }
+
this->task_manager = task_manager_create(&this->public);
this->my_host->set_port(this->my_host, IKEV2_UDP_PORT);
* peer supports XAuth authentication, draft-ietf-ipsec-isakmp-xauth-06
*/
EXT_XAUTH = (1<<7),
+
+ /**
+ * peer supports DPD detection, RFC 3706 (or IKEv2)
+ */
+ EXT_DPD = (1<<8),
};
/**
{ "NAT-T (RFC 3947)", EXT_NATT, TRUE, 16,
"\x4a\x13\x1c\x81\x07\x03\x58\x45\x5c\x57\x28\xf2\x0e\x95\x45\x2f"},
- /* draft-ietf-ipsec-dpd-00 */
- { "DPD", 0, TRUE, 16,
+ /* Dead peer detection, RFC 3706 */
+ { "DPD", EXT_DPD, TRUE, 16,
"\xaf\xca\xd7\x13\x68\xa1\xf1\xc9\x6b\x86\x96\xfc\x77\x57\x01\x00"},
{ "draft-stenberg-ipsec-nat-traversal-01", 0, FALSE, 16,