[Openswan Users] OpenSWAN, KLIPS, and dead tunnels

Erich Titl erich.titl at think.ch
Thu Oct 8 02:18:35 EDT 2009


Hi

Diego Rivera wrote:
> I will do more testing on this on the weekend (when I can dispose of the
> systems more freely).  Thanks for all your help though!
> 
> I'll most certainly make sure to keep you in the loop with whatever I
> find - worst case, we'll document for posterity in case others run into
> the same hiccup.  Best case, we find a cure - and who wouldn't like that? :)

If everything fails....

I have been running FreeSWan/OpenSWan tunnels for a number of years now and
had my share of unreliable tunnels. I had pretty good success
reestablishing failed connections by running a script in the background
which periodically checks the connectivity to the peer; actually it
checks the response to an ICMP echo sent to the inside interface of the
remote network. It needed a bit of fiddling with iproute2 but it was worth
the effort. I found it reacted a lot faster than any DPD stuff and did
not depend on its implementation.

cheers

Erich
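
A minimal watchdog of the kind described in the message above, as an added example (the script from the message was not posted, so this is not it). The conn name, the inside addresses, the failure threshold and the use of `ping -I` to source the probe from the local inside address are all assumptions.

```shell
#!/bin/sh
# Added example: probe the peer's inside address through the tunnel and
# re-establish the connection after repeated failures.
# All values below are placeholders (assumptions), override via environment.
CONN="${CONN:-site-to-site}"             # hypothetical conn name from ipsec.conf
LOCAL_INSIDE="${LOCAL_INSIDE:-10.0.1.1}"   # our inside address (placeholder)
REMOTE_INSIDE="${REMOTE_INSIDE:-10.0.2.1}" # peer's inside address (placeholder)
MAX_FAILS="${MAX_FAILS:-3}"              # consecutive misses before a restart
INTERVAL="${INTERVAL:-10}"               # seconds between probes
fails=0
restarts=0

# One ICMP echo, sourced from our inside address so the packet matches the
# tunnel's subnet-to-subnet policy instead of leaving from the outside address.
probe_peer() {
    ping -c 1 -W 2 -I "$LOCAL_INSIDE" "$REMOTE_INSIDE" >/dev/null 2>&1
}

# Tear the connection down and bring it up again, leaving a log trail.
restart_tunnel() {
    logger -t tunnel-watchdog "no echo reply from $REMOTE_INSIDE, restarting $CONN"
    ipsec auto --down "$CONN"
    ipsec auto --up "$CONN"
}

# Single check: returns 0 if the peer answered, 1 otherwise. A restart is
# triggered only after MAX_FAILS consecutive misses, so one lost packet
# does not bounce a healthy tunnel.
check_once() {
    if probe_peer; then
        fails=0
        return 0
    fi
    fails=$((fails + 1))
    if [ "$fails" -ge "$MAX_FAILS" ]; then
        restart_tunnel
        restarts=$((restarts + 1))
        fails=0
    fi
    return 1
}

# Start the background loop with: watchdog.sh run &
if [ "${1:-}" = "run" ]; then
    while :; do
        check_once || true
        sleep "$INTERVAL"
    done
fi
```
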