[Openswan Users] OpenSWAN, KLIPS, and dead tunnels

Paul Wouters paul at xelerance.com
Thu Oct 8 10:23:02 EDT 2009


On Thu, 8 Oct 2009, Erich Titl wrote:

> If everything fails....
>
> I am running FreeSWan/OpenSWan tunnels for a number of years now and had
> my share with unreliable tunnels. I had pretty good success to
> reestablish failed connections by running a script in the background
> which periodically checks the connectivity to the peer, actually it
> checks the response to an ICMP echo sent to the inside interface of the
> remote network. It needed a bit of fiddling with iproute2 but it was worth
> the effort. I found it reacted a lot faster than any DPD stuff and did
> not depend on its implementation.

And it will likely fire false positives on congested links :)

(DPD will not send packets if the SA is busy sending/receiving)

Paul
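
An added example, not part of either poster's message and not Openswan's own code: a sketch of the kind of background check described in the quoted text, with a consecutive-failure threshold so that one lost echo on a congested link does not bounce the tunnel. The connection name, addresses, threshold, interval and the `WATCHDOG_RUN` switch are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example: tunnel watchdog with a consecutive-failure threshold.
# All values below are placeholders (assumptions), not from the thread.
CONN="${CONN:-example-tunnel}"            # conn name in ipsec.conf
PEER_INSIDE="${PEER_INSIDE:-192.0.2.1}"   # remote gateway's inside address
SRC_INSIDE="${SRC_INSIDE:-198.51.100.1}"  # local inside address to ping from
THRESHOLD="${THRESHOLD:-3}"               # consecutive failed probes before acting
INTERVAL="${INTERVAL:-20}"                # seconds between probes
PROBE_CMD="${PROBE_CMD:-probe}"
RESTART_CMD="${RESTART_CMD:-restart_tunnel}"

# One probe = three echo requests; it succeeds if any reply arrives, so a
# single dropped packet on a busy link does not count as a failure.
probe() {
    ping -c 3 -W 2 -I "$SRC_INSIDE" "$PEER_INSIDE" >/dev/null 2>&1
}

# Tear the connection down and renegotiate it.
restart_tunnel() {
    ipsec auto --down "$CONN"
    ipsec auto --up "$CONN"
}

fails=0      # consecutive failed probes
restarts=0   # restarts triggered so far

# Run one probe and restart only after THRESHOLD failures in a row.
check_once() {
    if "$PROBE_CMD"; then
        fails=0
        return 0
    fi
    fails=$((fails + 1))
    if [ "$fails" -ge "$THRESHOLD" ]; then
        "$RESTART_CMD" || echo "restart of $CONN failed" >&2
        restarts=$((restarts + 1))
        fails=0
    fi
    return 0
}

# Loop only when WATCHDOG_RUN=1, so the functions can be sourced and tested.
if [ "${WATCHDOG_RUN:-0}" = 1 ]; then
    while :; do
        check_once
        sleep "$INTERVAL"
    done
fi
```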

