[Openswan Users] Ipsec auto --up {tunnelname} hangs
Paul Wouters
paul at xelerance.com
Wed Jun 18 17:15:45 EDT 2008
> Sometimes, the MPLS router goes offline for a few seconds and then comes
> back to life. The scripts on both sides notice they can't see the MPLS
> router on the other side and start to bring up the tunnel. The left side
> brings up the tunnel and properly takes it down when the MPLS router
> comes back alive. But the right side hangs trying to bring up the
> tunnel. I think it hangs because the left side deleted the tunnel before
> the right side can fully set it up.
>
> So there the right side sits, hung in limbo forever - and that's my
> problem. I don't know how to break that hang so I can handle the error
> condition.

Are you sure? Because ipsec auto releases the whack after 60 seconds,
giving your script control back.

> Here's my question - what can I do to make sure any ipsec command always
> returns back to me with some kind of status code so I can handle it?

Using --async you get control back immediately, but obviously without
a meaningful status code, as the connection is still being set up while
you get the return code.

You can further tweak timings by setting:

PLUTO_EVENT_RETRANSMIT_DELAY=
PLUTO_MAXIMUM_RETRANSMISSIONS_INITIAL=

before running ipsec auto --up connname to tune this to your needs.

Paul
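
Added example, not part of the original message and not Openswan code: a shell wrapper that puts a hard deadline on ipsec auto --up so the calling script always gets a status code back, as asked in the quoted question. It relies on coreutils timeout; IPSEC_BIN, tunnel_up, tunnel_up_retry, the 75-second default and the 0/1/2 return-code mapping are assumptions made for this example.

```shell
#!/bin/sh
# Added example. IPSEC_BIN, tunnel_up and tunnel_up_retry are hypothetical names.
# Requires coreutils `timeout`. Any PLUTO_* variables the caller has exported
# are inherited by the ipsec command unchanged.

IPSEC_BIN="${IPSEC_BIN:-ipsec}"

# tunnel_up CONN [DEADLINE_SECONDS]
# Return codes (chosen for this example):
#   0 = ipsec auto --up exited 0
#   1 = it exited non-zero on its own
#   2 = it was still running at the deadline and was killed
tunnel_up() {
    _conn="$1"
    _deadline="${2:-75}"   # constructed default, above the 60 s whack release
    _rc=0
    # TERM at the deadline, KILL 5 s later if the process ignores TERM.
    timeout -k 5 "$_deadline" "$IPSEC_BIN" auto --up "$_conn" || _rc=$?
    case "$_rc" in
        0)       return 0 ;;
        124|137) return 2 ;;   # 124: timeout fired; 137: killed by SIGKILL
        *)       return 1 ;;
    esac
}

# tunnel_up_retry CONN DEADLINE_SECONDS ATTEMPTS
# Retries until one attempt succeeds; returns the status of the last attempt.
tunnel_up_retry() {
    _try=1
    _last=1
    while [ "$_try" -le "$3" ]; do
        _last=0
        tunnel_up "$1" "$2" || _last=$?
        if [ "$_last" -eq 0 ]; then
            return 0
        fi
        _try=$((_try + 1))
    done
    return "$_last"
}
```

A monitoring script can branch on the result, treating 2 as "negotiation did not finish in time" and 1 as "the command reported an error".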