Hi All,

I want a net-to-net connection to be permanent.
It should come up across link failures, ipsec service restarts, machine reboots.

As per 'man ipsec.conf' I tried the following parameters:

ipsec gateway-1:

 plutowait=yes (because sometimes some of my tunnels don't get established due to - "can not start crypto helper: failed to find any available worker")

 auto=add

 rekey=yes
 keyingtries=3
 rekeymargin=120 (seconds)
 rekeyfuzz=10%
 ikelife=3600
 keylife=3600

 dpdaction=restart

ipsec gateway-2:

 plutowait=yes

 auto=start

 rekey=yes
 keyingtries=3
 rekeymargin=120 (seconds)
 rekeyfuzz=10%
 ikelife=3600
 keylife=3600

 dpdaction=restart

I tested these parameters using a VMware setup. But to my surprise it doesn't work persistently.
My observation is -

after the peer is declared dead (from both sides),

1) sometimes gateway-2 tries to reestablish the connection by initiating main mode repeatedly. gateway-1 also tries to do this, but by initiating the connection only <keyingtries> times. Eventually, when the peer becomes available, the connection is reestablished.

2) sometimes both try to reestablish the connection only <keyingtries> times. The connection is not reestablished when the peer becomes available.

What could be the reason for this uneven behavior?

Thanks in advance.

-hiren