Thank you,<div><br></div><div>Pauls solution involves Linux-HA with master/slave setup, while I have only one server. Although it's 8 years old, but still has nice ideas.</div><div><br></div><div>yes, Jon, I'm trying to move forward with leftupdown, however it bugs me, that I cannot run "/usr/sbin/ipsec auto --up VNO2-OSL" in the leftupdown=/tmp/tunnel1_down.sh script - the ipsec process just hangs and I can restart it only with "killall pluto".</div>
<div><br></div><div>if I run the script manually - works fine.</div><div><br></div><div>last lines:</div><div><div>Jun 21 15:24:49 TestGW pluto[16175]: "VNO1-OSL" #5: down-client output: rtt min/avg/max/mdev = 77.379/77.379/77.379/0.000 ms</div>
<div>Jun 21 15:25:26 TestGW pluto[16175]: ERROR: "VNO1-OSL" #5: fgets failed on output of down-client command. Errno 4: Interrupted system call</div></div><div><br></div>
<div><br> <br><div class="gmail_quote">On Fri, Jun 18, 2010 at 12:57 AM, Jon <span dir="ltr"><<a href="mailto:jon@sacredregion.com" target="_blank">jon@sacredregion.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Paul is overcomplicating, IMO - just script it using "leftupdown" and "rightupdown".<br>
<br>
Cheers,<br>
-Jon<br>
<br>
<br>
Aurimas Skirgaila wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>
Hello, <br>
my Openswan machines are almost 20 hops away each other, so internet problems somewhere in the middle break my VPN.<br>
<br>
at host A I have eth1 and eth2 for two ISP, so I want, that if tunnel A.eth1 <==> B would fail, the A.eth2 <==> B would come up.<br>
<br>
<br>
I bet this is not an uniqe problem, so what is the standard way to accomplish this kind of automatic failover?<br>
<br>
<br>
currently my config is :<br>
<br>
version 2.0 # Openswan U2.6.26<br>
<br>
# basic configuration<br>
config setup<br>
protostack=netkey<br>
nat_traversal=no<br>
virtual_private=<br>
oe=off<br>
<br>
conn VNO1-OSL<br>
#authby = secret<br>
left=19.*.*.202<br>
leftnexthop=19.*.*.201<br></div>
leftsubnet=<a href="http://10.1.0.0/24" target="_blank">10.1.0.0/24</a> <<a href="http://10.1.0.0/24" target="_blank">http://10.1.0.0/24</a>><div><br>
leftid=@vilnius.loc<br>
leftrsasigkey=0sAQOIg...<br>
<br>
right=84.*.*.138<br></div>
rightsubnet=<a href="http://10.72.0.0/24" target="_blank">10.72.0.0/24</a> <<a href="http://10.72.0.0/24" target="_blank">http://10.72.0.0/24</a>><div><br>
rightid=@oslo.loc<br>
rightrsasigkey=0sAQOoU...<br>
<br>
#leftupdown=/tmp/tunnel1_down.sh #should I be using this??<br>
<br>
dpddelay=6<br>
dpdtimeout=14<br>
dpdaction=hold<br>
<br>
auto=add<br>
<br>
conn VNO2-OSL<br>
left=21.*.*.210 # Public Internet IP address of LTU<br>
leftnexthop=21.*.*..209 # ISP Gateway<br></div>
leftsubnet=<a href="http://10.1.0.0/24" target="_blank">10.1.0.0/24</a> <<a href="http://10.1.0.0/24" target="_blank">http://10.1.0.0/24</a>><div><br>
leftid=@vilnius.loc<br>
leftrsasigkey=0sAQOIg...<br>
<br>
right=84.*.*.138<br></div>
rightsubnet=<a href="http://10.72.0.0/24" target="_blank">10.72.0.0/24</a> <<a href="http://10.72.0.0/24" target="_blank">http://10.72.0.0/24</a>><div><br>
rightid=@oslo.loc<br>
rightrsasigkey=0sAQOoU...<br>
<br>
#leftupdown=/tmp/tunnel2_down.sh #should I be using this??<br>
dpddelay=6<br>
dpdtimeout=14<br>
dpdaction=hold<br>
auto=add<br>
<br>
<br>
-- <br>
Mvh,<br>
Aurimas Skirgaila<br></div>
------------------------------------------------------------------------<br>
<br>
_______________________________________________<br>
<a href="mailto:Users@openswan.org" target="_blank">Users@openswan.org</a><br>
<a href="http://lists.openswan.org/mailman/listinfo/users" target="_blank">http://lists.openswan.org/mailman/listinfo/users</a><br>
Building and Integrating Virtual Private Networks with Openswan: <a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
<br>
</blockquote>
<br>
</blockquote></div><br><br clear="all"><br>-- <br>Mvh,<br>Aurimas Skirgaila<br>
</div>