[Openswan Users] Vigor2600V & Openswan 2.4.5 need regular ping?
Paul Wouters
paul at xelerance.com
Thu May 4 18:59:53 CEST 2006
On Thu, 4 May 2006, Roberto Fichera wrote:
> I've setup several VPN using the virgor 2600V with Openswan
> on the other side. The vigors are setuped to accept only incoming VPN
> connection from the Openswan gateway. The tunnel works as expected
> if I ping regulary (every 30secs) from the Openswan side towards the vigors
> otherwise I cannot do anything from the virgor side towards Openswan.
It is a vigor issue. Their implementation of "keep alive" and their
call direction permissions are pretty flawed.
Your best bet is to let the Vigor be responder (eg allow dailin or allow
both) and not use any pings/keep alives. And then have the openswan
side with rekey=yes. That way, the openswan side will ensure your VPN
stays up 24/7.
Now, the real problem is getting two vigors to keep a connection up.....
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list