[Openswan Users] Keeping tunnels up
Benny Amorsen
benny+usenet at amorsen.dk
Thu Feb 22 17:42:04 EST 2007
Is there a good way to ensure that certain tunnels are always up, so
that they get restarted if they drop for some reason?
We use multiple tunnels to get multiple subnets through, and that
works nicely. However, if just one of those tunnels drops, it is not
necessarily restarted automatically. DPD is on but doesn't help if
only one tunnel is down -- the peer is fine.
I could do ipsec auto --up foo every minute, but that actually starts
the tunnel even if it is already running. I could also parse the
output of ipsec auto --status every minute and restart depending on
the result, but that seems a bit silly. Pluto knows when it closes a
tunnel after all.
Any ideas?
/Benny
More information about the Users
mailing list