[Openswan Users] DPD on OpenS/WAN
Alexander Samad
alex at samad.com.au
Sat Mar 20 16:28:54 CET 2004
On Fri, Mar 19, 2004 at 05:25:26AM +0000, John P Santos wrote:
> When the FreeS/WAN announced it's imminent demise I switched over all my
> VPNs to OpenS/WAN after I read somewhere (no longer remember exactly where)
> that Dead Peer Detection (DPD) was enabled as a patch in OpenS/WAN aka
> SuperFreeS/WAN.
>
> Does anyone know how I can go about using this? Because I'm having some
> serious issues with some of the peers on 3 and 4 way VPN networks going
> down from time to time and not coming back up. I need a trustworthy way of
> making sure that these connections are alive, and so far the scripts people
> have posted on the mailing list are not working.
>
> Can someone please help? :-D I need to get this working, so I can avoid
> my clients calling me everyday to have me restart the VPN on remote servers.
>
> There are other VPN implementations out there that address this issue in a
> much better way, where you can actually ping networks from within the
> servers, something which IPSec isn't possible because of it's architecture,
> but overlooked because of the strong security of IPSec's encryption.
You should be able to ping from the ipsec servers, just setup the src
address properly
192.168.10.1 <GW1> a.b.c.d --- w.x.y.z <GW2> 192.168.100.1
presume an ipsec.conf
conf hijk
leftsubnet=192.168.10.0/24
rightsubnet=192.168.100.0/24
so on GW1 ping 192.168.100.1 doesn't work cause it has src address
a.b.c.d.
so do
ip route add 192.168.100.0/24 dev XXXX src 192.168.10.1
or
ip route add 192.168.100.1/32 dev XXXX src 192.168.10.1
do the reverse on GW2
and then the ping should work.
Alex
>
> I await and thank ahead of time anyone's reply.
>
> - John
>
> _______________________________________________
> Users mailing list
> Users at lists.openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.openswan.org/pipermail/users/attachments/20040320/2e651573/attachment.bin
More information about the Users
mailing list