[Openswan Users] OpenSWAN, KLIPS, and dead tunnels
Erich Titl
erich.titl at think.ch
Thu Oct 8 16:28:11 EDT 2009
Paul
Paul Wouters wrote:
> On Thu, 8 Oct 2009, Erich Titl wrote:
>
>> If everything fails....
>>
>> I am running FreeSWan/OpenSWan tunnels for a number of years now and had
>> my share with unreliable tunnels. I had pretty good success to
>> reestablish failed connections by runnning a script in the background
>> which periodically checks the connectivity to the peer, actually it
>> checks the response to an ICMP echo sent to the inside interface of the
>> remote network. It needed a bit fiddeling with iproute2 but it was worth
>> the effort. I found it reacted a lot faster than any DPD stuff and did
>> not depend on its implementation.
>
> And it will likely fire false positives on congested links :)
Possibly, but who can say DPD is alwways right :-) Whatever, not
depending on a single indicator is always good.
Erich
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3409 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.openswan.org/pipermail/users/attachments/20091008/372f6446/attachment.bin
More information about the Users
mailing list