[Openswan Users] Keeping tunnels up

Paul Wouters paul at xelerance.com
Tue Feb 27 10:17:49 EST 2007


On Tue, 27 Feb 2007, Benny Amorsen wrote:

> The remote end sent a notify, but network disconnection meant that it
> was never received by the client end.

> PW> Try 2.4.8rc1 ?
>
> I managed to get openswan 2.4.8rc1 onto an OpenWRT box. Unfortunately
> the problem persists. I can reproduce it this way:
>
> 1) Set up two tunnels between two openswans. Client end has
> dpdaction=restart, server has no dpd settings.
> 2) Cut the network between them somewhere in the middle, so that they
> are unable to communicate but do not see ethernet link down
> 3) On the server end: ipsec auto --down tunnel1 ; ipsec auto --down
> tunnel2
> 4) Reconnect the network
> 5) Wait till DPD expires. One tunnel comes up, the other stays down.

Can you add plutostderrlog=/tmp/pluto.log and then get a log of this
event?

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

