[Openswan Users] Tunnel going down - local or remote?

Anirudh Kamatgi akamatgi at gmail.com
Mon Oct 27 07:29:50 EDT 2008


On Fri, Oct 24, 2008 at 8:46 PM, Peter McGill <petermcgill at goco.net> wrote:

> Anirudh,
>
> Short answer: Not using DPD, but perhaps with monitoring scripts.
> Long answer:
>
> You can easily monitor ipsec auto --up/--down by providing a wrapper
> script to record the intended up/down status.
> Using KLIPS & DPD you can use ipsec eroute to determine actual status.
> Should be a method for NETKEY too, but I still use KLIPS.
> You can also scan the recent logs to determine why/who shut down the
> tunnel.
> Although if the tunnel goes down via DPD timeout then I can't think of
> any way to determine which end went down, only if one end disconnected
> properly could you determine which end, via logs or by comparing intended
> status to actual status using above described scripts.
>
> If you want more specific help, try describing more what your trying to do.

Basically, for logging purposes.
Also, I am trying to do a manual failover by starting a tunnel over a backup
interface
and I do not want both ends of the tunnel to be the initiators.

Thanks,
-anirudh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20081027/5d0bab75/attachment.html 


More information about the Users mailing list