[Openswan Users] Openswan + quagga/ospfd routing problem
Ralf Guenthner
gue at iq-work.de
Thu Sep 8 17:47:01 CEST 2005
Hi Paul
you mean like this:
dpddelay=30
dpdtimeout=120
dpdaction=clear
Great! That could help when the routes are switched to the backup VPN,
yes. But what about switching back? When the link on eth0 returns and
OSPF goes back to the primary link, traffic crossing it wouldn't be
encrypted, right? I'd need to restart ipsec on both ends. Or am I
missing something?
Regards
Ralf
Paul Wouters wrote:
> On Thu, 8 Sep 2005, Ralf Guenthner wrote:
>
>> How can I solve this situation? As far as I can tell, I'd need a way
>> to have ipsec stop itself automatically on both routers and then
>> restart as soon as the link returns.
>
>
> Use Dead Peer Detection? See the dpdaction=, dpdtimeout= and dpddelay=
> options.
>
> Paul
>
More information about the Users
mailing list