[Openswan Users] Require help for gateway failover condition to keep tunnel establised
utkarsh shah
utkarsh at elitecore.com
Wed Sep 6 10:03:50 EDT 2006
Hi,
thanks for your help
but in that case only we can know that link from our end went down
but if link from other end went down then we will not be able to
identify it and establish tunnel.
and what if we manually disconnect tunnel form local end then still
same thing will happen.
one thing came in my mind is send ICMP (ping) to remote server and
if don't find reply then switch over to another connection but for that
we require to enable ping on both servers.
for same i thought to have ikeping but it don't work as we have
already assigned some interface to ipsec0. i might be wrong for it as i
don't know much about ikeping.
one more thing i tried to detech ipsec interface using
ipsec tncfg --detach --virtual ipsec1 (eth1:0)
ipsec tncfg --detach --virtual ipsec0 (eth1)
and then attached
ipsec tncfg --attach --virtual ipsec0 --real eth1:0
ipsec tncfg --attach --virtual ipsec1 --real eth1
then i tried to connect to same ip as eth1 and was successful but
interface it showed is ipsec0 instead of ipsec1
and ifconfig shows same output as previous.
Thanks & Regards,
Utkarsh Shah
Paul Wouters wrote:
> On Wed, 6 Sep 2006, utkarsh shah wrote:
>
>
>> i have two wan links from different ISPs.
>> and have tunnel using one ISP which provides me higher bendwidth.
>> i would like to create a tunnel such a way that if it gets failed then another tunnel comes up..
>> i can execute a script when i detect gateway as dead.
>> please suggest me configuration and way using which i can establish such tunnel.
>>
>> one way i thought is change left when i detect gateway dead and try to establish connection.
>> do we have any way to execute a script on dpd.
>>
>
> Use a custom leftupdown= script?
> See http://www.xelerance.com/talks/ for advanced setups using heartbeat or OSPF.
>
> Paul
>
More information about the Users
mailing list