[Openswan Users] What would cause ipsec auto --up {tunnelname} to hang?
Greg Scott
GregScott at InfraSupportEtc.com
Thu May 29 17:23:24 EDT 2008
So does anyone have any ideas on my original question - why ipsec auto
--up would hang instead of returning an error status?
The application is backup routing. The left and right sides are
connected via dedicated telco circuits using routers I have no control
over. But I can ping them. My box pings the other side's gateway and
starts up an IPSEC tunnel if that gateway doesn't answer. When the
primary telco circuit comes back up - when I can ping the other side's
gateway again - I shut down the IPSEC tunnel.
The problem I ran into was, from one side, after doing a couple of ups
and downs, ipsec auto --up decided to hang.
Thanks
- Greg Scott
-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Greg Scott
Sent: Tuesday, May 27, 2008 10:55 PM
To: Paul Wouters
Cc: users at lists.openswan.org
Subject: Re: [Openswan Users] What would cause ipsec auto --up
{tunnelname} to hang?
Aw nuts, I didn't copy the whole list a minute ago...
> So use /etc/ppp/ipdown.d/ scripts. Those are only invoked when a link
> change happens.
I don't get it. Normally the left side is connected to the right side
via a point to point connection - not PPP or PPTP from my Linux box, but
a dedicated telco connection with another router. To be completely
precise, it's a MPLS connection using a service from AT&T called PNT. I
don't see how anything in /etc/ppp would know anything about this.
So from the left side, I ping the right side of the MPLS connection and
when it doesn't answer, I fire up the IPSEC tunnel. Similarly, from the
right side, I ping the MPLS router on the left side and when the MPLS
router doesn't answer, I fire up the tunnel. The MPLS routers on both
sides are completely independent of my Linux IPSEC firewall system. In
other words, I watch over the MPLS connection and then take over the
routing when it goes down. Everyone uses my stuff as their default GW
and then I make the routing decision.
- Greg
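
The ping-driven failover described in this thread, sketched as an added example (not code from the poster or from Openswan) in which each `ipsec auto` call runs under a deadline, so a hung `--up` becomes an exit status the watchdog can act on instead of blocking it. The conn name, gateway address, thresholds and function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: one poll cycle of a ping-driven backup-tunnel watchdog.
# TUNNEL, PEER_GW, the thresholds and all function names are assumptions.
TUNNEL="${TUNNEL:-backup-tunnel}"   # hypothetical conn name from ipsec.conf
PEER_GW="${PEER_GW:-192.0.2.1}"     # placeholder address of the far-side gateway
FAIL_LIMIT="${FAIL_LIMIT:-3}"       # consecutive missed pings before failing over
CMD_TIMEOUT="${CMD_TIMEOUT:-30}"    # seconds allowed for one ipsec auto call
fails=0; tunnel_state=down; last_action=none

probe_gateway() { ping -c 1 -W 2 "$PEER_GW" >/dev/null 2>&1; }

# Run "ipsec auto --up|--down" under a deadline. GNU timeout exits 124 when
# the deadline passes, or 137 if it had to follow up with SIGKILL (-k).
ipsec_auto() { timeout -k 5 "$CMD_TIMEOUT" ipsec auto "--$1" "$TUNNEL"; }

watchdog_step() {
    local rc=0
    if probe_gateway; then
        fails=0
        if [ "$tunnel_state" = up ]; then          # primary is back: drop backup
            if ipsec_auto down; then tunnel_state=down; last_action=tunnel-down
            else last_action=down-failed; fi
        else
            last_action=primary-ok
        fi
        return 0
    fi
    fails=$((fails + 1))
    if [ "$tunnel_state" = up ] || [ "$fails" -lt "$FAIL_LIMIT" ]; then
        last_action=waiting; return 0
    fi
    ipsec_auto up || rc=$?
    case "$rc" in
        0)       tunnel_state=up; last_action=tunnel-up ;;
        124|137) last_action=up-timeout ;;   # hung: state stays down, retried next cycle
        *)       last_action="up-failed:$rc" ;;
    esac
}

watchdog_loop() {
    while :; do
        watchdog_step
        logger -t backup-route "action=$last_action fails=$fails state=$tunnel_state"
        sleep 10
    done
}

# Nothing runs unless invoked as: script.sh run
if [ "${1:-}" = run ]; then watchdog_loop; fi
```

Requiring several consecutive missed pings before failing over avoids flapping the tunnel on a single lost packet, and logging `up-timeout` separately from `up-failed` gives a record of how often the hang occurs.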