[Openswan Users] Dropping IPSec Connection

Paul Wouters paul at xelerance.com
Wed Mar 28 19:21:36 EDT 2007


On Wed, 28 Mar 2007, Muiz Motani wrote:

> Thinking a little more about this, I realized that I could run a script which would detach and
> reattach my ipsec0 if my VPN went down. The only way I can think of to determine from the
> router if the tunnel has gone down is to run a cron job every couple of minutes to monitor
> the tncfg. If the MTU for the underlying physical interface goes to 0 then I can just detach
> and reattach ipsec0. Does this sound reasonable, or can you think of another method to
> detect if the tunnel has failed? I currently find out that the tunnel has failed by running a
> cron job on a system in the subnet behind the spoke router which pings a system in the
> subnet behind the hub router, but this does not help me on the spoke router itself.
>
> The above method is really a kludge, though. I would still like to find out if the tunnel would
> fail the way I described if there was packet loss in the path. A more elegant solution than the
> one I describe would be most welcome.

You can try and do:

plutostderrlog=/tmp/pluto.log
plutodebug=control

and see if the logs will turn up anything useful.

Paul
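
The cron check described in the quoted message, as an added example that is not part of either author's mail: it parses `ipsec tncfg` output and prints the detach/reattach commands only when the physical MTU field is 0. The listing format and the sample listings are assumptions constructed for this example, and the function names are hypothetical.

```shell
#!/bin/sh
# Assumed `ipsec tncfg` line format (KLIPS):
#   <virtual> -> <physical|NULL> mtu=<mtu>(<effective>) -> <physical mtu>
# Constructed sample listings, not captured from a real router.
SAMPLE_OK='ipsec0 -> eth0 mtu=16260(1500) -> 1500
ipsec1 -> NULL mtu=0(0) -> 0'
SAMPLE_FAILED='ipsec0 -> NULL mtu=0(0) -> 0
ipsec1 -> NULL mtu=0(0) -> 0'

# phys_mtu VIRT: read a listing on stdin, print the physical MTU for VIRT.
# Prints nothing if VIRT is not listed or the last field is not numeric.
phys_mtu() {
    awk -v dev="$1" '$1 == dev && $NF ~ /^[0-9]+$/ { print $NF; exit }'
}

# tunnel_state VIRT: read a listing on stdin, print up, down or unknown.
tunnel_state() {
    mtu=$(phys_mtu "$1")
    case "$mtu" in
        '') echo unknown ;;   # missing interface or unparsable output: take no action
        0)  echo down ;;      # physical MTU of 0 is the failure signal from the thread
        *)  echo up ;;
    esac
}

# watchdog VIRT PHYS: listing on stdin; prints a status comment, plus the
# detach/reattach commands when (and only when) the state is "down".
watchdog() {
    state=$(tunnel_state "$1")
    echo "# tncfg watchdog: $1 is $state"
    if [ "$state" = down ]; then
        echo "ipsec tncfg --detach --virtual $1"
        echo "ipsec tncfg --attach --virtual $1 --physical $2"
    fi
}

# Demo on the constructed samples. On the router, pipe real `ipsec tncfg`
# output into watchdog from cron and review the printed commands before running them.
printf '%s\n' "$SAMPLE_OK"     | watchdog ipsec0 eth0
printf '%s\n' "$SAMPLE_FAILED" | watchdog ipsec0 eth0
```

The "unknown" state keeps the job from reattaching the interface when the listing cannot be parsed, so a format change does not turn into a flapping tunnel.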

