[Openswan Users] Openswan + quagga/ospfd routing problem
Ralf Guenthner
gue at iq-work.de
Fri Sep 9 12:22:13 CEST 2005
Won't anyone confirm or contradict the assumptions I made in my last
posting? If Pauls suggestion works, I've already solved half of my
problem but what about the other half?
Ralf Guenthner wrote:
> Hi Paul
>
> you mean like this:
>
> dpddelay=30
> dpdtimeout=120
> dpdaction=clear
>
> Great! That could help when the routes are switched to the backup VPN,
> yes. But what about switching back? When the link on eth0 returns and
> OSPF goes back to the primary link, traffic crossing it wouldn't be
> encrypted, right? I'd need to restart ipsec on both ends. Or am I
> missing something?
>
> Regards
> Ralf
>
>
>
> Paul Wouters wrote:
>
>> On Thu, 8 Sep 2005, Ralf Guenthner wrote:
>>
>>> How can I solve this situation? As far as I can tell, I'd need a way
>>> to have ipsec stop itself automatically on both routers and then
>>> restart as soon as the link returns.
>>
>>
>>
>> Use Dead Peer Detection? See the dpdaction=, dpdtimeout= and dpddelay=
>> options.
>>
>> Paul
>>
>
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>
More information about the Users
mailing list