[Openswan Users] Keep tunnel open

Jobst Schmalenbach jobst at barrett.com.au
Tue Jan 11 00:01:53 EST 2011


  I have BB (BigBrother) running (on lots of my machines), and on one of 
the ipsec hosts I ping one of the internal servers that is behind the 
ipsec host on the other side (every 5 minutes) ... so it should never be 
idle (or am I mistaken here)?

Do I need to get a file (like a 1px gif), do an `ls -al` or something 
like that to keep the tunnel alive?


Jobst



On 01/11/2011 10:47 AM, Paul Wouters wrote:
> On Tue, 11 Jan 2011, Jobst Schmalenbach wrote:
>
>> I have a tunnel between to static ip addresses.
>> I would like to keep this open (not sure whether this is a
>> security risk), but the tunnel dies so I guess I must
>> not have the flags specified correctly.
>>
>> I though that
>>
>> rekey=yes
>> keyingtries=%forever
>>
>> would suffice to keep the tunnel open?
>
> It should. openswan has no "idle timeout" that would cause it to stop
> the tunnel. Likely, the other end deletes it when it finds the tunnel
> is unused?
>
> The logs should indicate this,
>
> Paul



More information about the Users mailing list