[Openswan Users] Keeping tunnels up

Benny Amorsen benny+usenet at amorsen.dk
Sun Feb 25 04:50:39 EST 2007


>>>>> "PW" == Paul Wouters <paul at xelerance.com> writes:

PW> On Thu, 22 Feb 2007, Benny Amorsen wrote:
>> Is there a good way to ensure that certain tunnels are always up,
>> so that they get restarted if they drop for some reason?

PW> auto=start with dpdaction=restart

>> We use multiple tunnels to get multiple subnets through, and that
>> works nicely. However, if just one of those tunnels drops, it is
>> not necessarily restarted automatically. DPD is on but doesn't help
>> if only one tunnel is down -- the peer is fine.

PW> define "down" in this case? Did the remote end send a
PW> Delete/Notify? With auto=start, it should restart when it is in a
PW> down state.

The remote end lost internet connectivity. One tunnel got restarted,
but the others did not. Bug 452 describes the issue (at the end, after
it was reopened), but I am not the reporter.

PW> Note that there are some fixes post openswan-2.4.7 that address
PW> some DPD issues: #git c75967b03b2c478a612aef4ccb7e5dff6e4bdaf5:
PW> dpdaction=restart fix [mcr]

PW> Try 2.4.8rc1 ?

I can't easily try 2.4.8rc1 since the boxes are running OpenWRT. I
will have a go again at replacing the version OpenWRT ships, but so
far I have had little luck with that.


/Benny
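The failure described above (the peer is alive and one of several tunnels is gone, so DPD never fires) can be caught by checking each conn for a live phase 2 SA. This is an added example, not part of the original thread or of Openswan. The conn names `net-a`, `net-b` and `net-c` and the sample status text are constructed, and the `IPsec SA established` marker in `ipsec auto --status` output is an assumption about the status format.

```shell
#!/bin/sh
# Added example: list the expected conns that have no established IPsec SA.
# Assumption: pluto marks a live phase 2 SA with a status line such as
#   000 #N: "conn":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); ...
# An "ISAKMP SA established" line only shows that the peer (phase 1) is up.

# down_conns CONN...
# Reads status text on stdin and prints each named conn that has no
# "IPsec SA established" line. The surrounding quotes keep "net-a" from
# matching a longer name such as "net-a2".
down_conns() {
    status=$(cat)
    for conn in "$@"; do
        if ! printf '%s\n' "$status" |
            grep -F "\"$conn\"" | grep -qF 'IPsec SA established'; then
            printf '%s\n' "$conn"
        fi
    done
}

# Constructed sample: phase 1 is up, net-a and net-b have phase 2 SAs,
# net-c has lost its SA and was not renegotiated.
sample_status() {
    cat <<'EOF'
000 "net-a": 192.0.2.0/24===198.51.100.1...203.0.113.1===10.0.1.0/24; erouted; eroute owner: #2
000 "net-b": 192.0.2.0/24===198.51.100.1...203.0.113.1===10.0.2.0/24; erouted; eroute owner: #3
000 "net-c": 192.0.2.0/24===198.51.100.1...203.0.113.1===10.0.3.0/24; prospective erouted; eroute owner: #0
000 #1: "net-a":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2100s; newest ISAKMP
000 #2: "net-a":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27000s; newest IPSEC; eroute owner
000 #3: "net-b":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27010s; newest IPSEC; eroute owner
EOF
}

# Dry run on the sample: show what a watchdog would bring back up.
sample_status | down_conns net-a net-b net-c |
    sed 's/^/would run: ipsec auto --up /'

# On a live gateway the same check would read the real status instead:
#   ipsec auto --status | down_conns net-a net-b net-c
```

Run from cron, the output of `down_conns` gives the conns to pass to `ipsec auto --up`.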



