[Openswan Users] How to know when a tunnel is down

Paul Wouters paul at xelerance.com
Thu May 28 13:29:27 EDT 2009


On Thu, 28 May 2009, richard witt wrote:

> I posted yesterday on what everyone was using to know when a tunnel is
> down. Other than pinging a host on the other end of the tunnel, what
> usually indicates that a tunnel is down?

That is really the only sure way, unless you are using Dead Peer Detection,
since you don't know the other end's state without causing traffic. They
could have closed the tunnel.

> On a side note is there a way to do a pluto debug on just a certain
> connection and not on all of the connections? We currently have 64
> site to site tunnels on one server and about 12 or so on another, so
> we can't just restart ipsec anytime we want to debug one connection.

no, but you can do:

ipsec pluto --debug-all

and when done:

ipsec pluto --debug-none

Paul
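
An added example, not part of the original message or of Openswan: a shell script for the ping check described above, run across many tunnels at once. The connection names, addresses and the three-column list format are constructed, and the ping options assume Linux iputils.

```shell
#!/bin/sh
# Added example: probe one host behind each remote gateway.
# All names and addresses below are constructed sample values.

# Columns: connection name, local source address, far-side host.
TUNNELS='site-a 10.1.0.1 192.0.2.10
site-b 10.1.0.1 198.51.100.10
site-c 10.1.0.1 203.0.113.10'

# probe SRC HOST: succeed if any of three echo requests is answered.
# Assumption: this runs on the gateway, so -I pins the source to an
# address inside the local protected subnet and the packet matches the
# tunnel policy. -c, -W and -I are Linux iputils ping options.
probe() {
    ping -c 3 -W 2 -I "$1" "$2" </dev/null >/dev/null 2>&1
}

# Read "name src host" lines on stdin, print the name of every tunnel
# whose far-side host did not answer, return 1 if any tunnel is down.
check_tunnels() {
    down=0
    while read -r name src host; do
        case $name in ''|\#*) continue ;; esac   # skip blanks, comments
        if ! probe "$src" "$host"; then
            echo "$name"
            down=1
        fi
    done
    return "$down"
}

# Run the real check only when asked, e.g. from cron: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    printf '%s\n' "$TUNNELS" | check_tunnels
fi
```

A silent far-side host can also mean that host is down or filtering ICMP, so pick a target on each remote network that is expected to answer.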

