[Openswan Users] Keeping tunnels up

Benny Amorsen benny+usenet at amorsen.dk
Tue Feb 27 06:15:44 EST 2007


>>>>> "PW" == Paul Wouters <paul at xelerance.com> writes:

PW> define "down" in this case? Did the remote end send a
PW> Delete/Notify? With auto=start, it should restart when it is in a
PW> down state.

The remote end sent a notify, but network disconnection meant that it
was never received by the client end.

PW> Note that there are some fixes post openswan-2.4.7 that address
PW> some DPD issues: #git c75967b03b2c478a612aef4ccb7e5dff6e4bdaf5:
PW> dpdaction=restart fix [mcr]

PW> Try 2.4.8rc1 ?

I managed to get openswan 2.4.8rc1 onto an OpenWRT box. Unfortunately
the problem persists. I can reproduce it this way:

1) Set up two tunnels between two openswans. Client end has
   dpdaction=restart, server has no dpd settings.
2) Cut the network between them somewhere in the middle, so that they
   are unable to communicate but do not see Ethernet link down.
3) On the server end:
   ipsec auto --down tunnel1 ; ipsec auto --down tunnel2
4) Reconnect the network.
5) Wait till DPD expires. One tunnel comes up, the other stays down.


/Benny
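
The end state of step 5 (one tunnel re-established, the other left down) can be detected on the client side. The following is an added example, not part of the original post and not Openswan's own code: a shell function that lists the expected connections that have no established IPsec SA. The function name, the sample status text and its line layout are assumptions, modelled on `ipsec auto --status` output.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: state lines in `ipsec auto --status` output look like
#   000 #5: "tunnel1":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); ...
# An ISAKMP SA alone is not enough: traffic only flows once a state line
# for the connection reports "IPsec SA established".

# Constructed sample: tunnel1 has both SAs, tunnel2 only has an ISAKMP SA.
SAMPLE_STATUS='000 #4: "tunnel1":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2291s; newest ISAKMP
000 #5: "tunnel1":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27046s; newest IPSEC; eroute owner
000 #6: "tunnel2":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2301s; newest ISAKMP'

# Read status text on stdin; print every connection name given as an
# argument that has no state line reporting an established IPsec SA.
tunnels_without_ipsec_sa() {
    status=$(cat)
    for conn in "$@"; do
        # Match the quoted name so "tunnel1" does not also match "tunnel10".
        if ! printf '%s\n' "$status" |
             grep -F "\"$conn\"" |
             grep -q 'IPsec SA established'; then
            printf '%s\n' "$conn"
        fi
    done
}

# On a live client the input would come from the daemon instead of the
# sample, for example from cron:
#   ipsec auto --status | tunnels_without_ipsec_sa tunnel1 tunnel2
# and each name printed could be logged or re-initiated with
#   ipsec auto --up <name>
```

Run against the constructed sample, the function reports only `tunnel2`, which matches the symptom described in step 5.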