[Openswan Users] Require help for gateway failover condition to keep tunnel establised

utkarsh shah utkarsh at elitecore.com
Wed Sep 6 10:03:50 EDT 2006


Hi,
    thanks for your help
    but in that case only we can know that link from our end went down 
but if link from other end went down then we will not be able to 
identify it and establish tunnel.
    and what if we manually disconnect tunnel form local end then still 
same thing will happen.
    one thing came in my mind is send ICMP (ping) to remote server and 
if don't find reply then switch over to another connection but for that 
we require to enable ping on both servers.
    for same i thought to have ikeping but it don't work as we have 
already assigned some interface to ipsec0. i might be wrong for it as i 
don't know much about ikeping.

    one more thing i tried to detech ipsec interface using
        ipsec tncfg --detach --virtual ipsec1 (eth1:0)
        ipsec tncfg --detach --virtual ipsec0 (eth1)
    and then attached
       ipsec tncfg --attach --virtual ipsec0 --real eth1:0
       ipsec tncfg --attach --virtual ipsec1 --real eth1

    then i tried to connect to same ip as eth1 and was successful but 
interface it showed is ipsec0 instead of ipsec1
    and ifconfig shows same output as previous.

Thanks & Regards,
Utkarsh Shah

Paul Wouters wrote:
> On Wed, 6 Sep 2006, utkarsh shah wrote:
>
>   
>>     i have two wan links from different ISPs.
>>     and have tunnel using one ISP which provides me higher bendwidth.
>>     i would like to create a tunnel such a way that if it gets failed then another tunnel comes up..
>>     i can execute a script when i detect gateway as dead.
>>     please suggest me configuration and way using which i can establish such tunnel.
>>
>>     one way i thought is change left when i detect gateway dead and try to establish connection.
>>     do we have any way to execute a script on dpd.
>>     
>
> Use a custom leftupdown= script?
> See http://www.xelerance.com/talks/ for advanced setups using heartbeat or OSPF.
>
> Paul
>   



More information about the Users mailing list