[Openswan Users] Vigor2600V & Openswan 2.4.5 need regular
ping?
Roberto Fichera
kernel at tekno-soft.it
Thu May 4 19:13:09 CEST 2006
At 17.59 04/05/2006, Paul Wouters wrote:
>On Thu, 4 May 2006, Roberto Fichera wrote:
>
>> I've setup several VPN using the virgor 2600V with Openswan
>> on the other side. The vigors are setuped to accept only incoming VPN
>> connection from the Openswan gateway. The tunnel works as expected
>> if I ping regulary (every 30secs) from the Openswan side towards the vigors
>> otherwise I cannot do anything from the virgor side towards Openswan.
>
>It is a vigor issue. Their implementation of "keep alive" and their
>call direction permissions are pretty flawed.
>
>Your best bet is to let the Vigor be responder (eg allow dailin or allow
>both) and not use any pings/keep alives. And then have the openswan
>side with rekey=yes. That way, the openswan side will ensure your VPN
>stays up 24/7.
As I see the rekey=yes is enable by default, or I'm missing something?
>
>Now, the real problem is getting two vigors to keep a connection up.....
What do you mean with keep a connection up? Currently the tunnel stay
up with and without regular ping. The problem is that I cannot use the lan
on the openswan side from the vigor side, i.e. ping from vigor to openswan
gateway doesn't work, while the contrary works. But starting after the first
ping from the openswan side I could use all the services from the vigor side
for about 30secs ... and the tunnel still always up. I've already
tried to remove
the regular ping but all the tunnels are always up!
>
>Paul
>--
>Building and integrating Virtual Private Networks with Openswan:
>http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
Roberto Fichera.
More information about the Users
mailing list