[Openswan Users] Keep tunnel open
Jobst Schmalenbach
jobst at barrett.com.au
Tue Jan 11 00:01:53 EST 2011
I have BB (BigBrother) running (on lots of my machines), and on one of
the ipsec hosts I ping one of the internal servers that is behind the
ipsec host on the other side (every 5 minutes) ... so it should never be
idle (or am I mistaken here)?
Do I need to get a file (like a 1px gif), do an `ls -al` or something
like that to keep the tunnel alive?
Jobst
On 01/11/2011 10:47 AM, Paul Wouters wrote:
> On Tue, 11 Jan 2011, Jobst Schmalenbach wrote:
>
>> I have a tunnel between to static ip addresses.
>> I would like to keep this open (not sure whether this is a
>> security risk), but the tunnel dies so I guess I must
>> not have the flags specified correctly.
>>
>> I though that
>>
>> rekey=yes
>> keyingtries=%forever
>>
>> would suffice to keep the tunnel open?
>
> It should. openswan has no "idle timeout" that would cause it to stop
> the tunnel. Likely, the other end deletes it when it finds the tunnel
> is unused?
>
> The logs should indicate this,
>
> Paul
More information about the Users
mailing list