[Openswan Users] Keep tunnel open

Jobst Schmalenbach jobst at barrett.com.au
Tue Jan 11 00:01:53 EST 2011

  I have BB (BigBrother) running (on lots of my machines), and on one of 
the ipsec hosts I ping one of the internal servers that is behind the 
ipsec host on the other side (every 5 minutes) ... so it should never be 
idle (or am I mistaken here)?

Do I need to get a file (like a 1px gif), do an `ls -al` or something 
like that to keep the tunnel alive?


On 01/11/2011 10:47 AM, Paul Wouters wrote:
> On Tue, 11 Jan 2011, Jobst Schmalenbach wrote:
>> I have a tunnel between to static ip addresses.
>> I would like to keep this open (not sure whether this is a
>> security risk), but the tunnel dies so I guess I must
>> not have the flags specified correctly.
>> I though that
>> rekey=yes
>> keyingtries=%forever
>> would suffice to keep the tunnel open?
> It should. openswan has no "idle timeout" that would cause it to stop
> the tunnel. Likely, the other end deletes it when it finds the tunnel
> is unused?
> The logs should indicate this,
> Paul

More information about the Users mailing list