[Openswan Users] Dead Peer Detection restart causes tunnel to be established, but afterwards cannot ping from either side
the1geekman at gmail.com
Mon Oct 10 08:30:36 EDT 2011
Decided to run a ping to the other side of a tunnel for a few hours
today, because obviously if the tunnels stop working intermittently
due to this issue, then that's a big step from only happening on
restart. It seemed highly likely given the presentation of the issue
I've seen thus far.
Unfortunately, my fears were proven:
Mon Oct 10 13:25:01 EST 2011 PING OK - Packet loss = 0%, RTA = 20.13
Mon Oct 10 14:00:01 EST 2011 PING CRITICAL - Packet loss =
Mon Oct 10 15:10:01 EST 2011 PING OK - Packet loss = 0%, RTA = 186.80
Mon Oct 10 16:00:01 EST 2011 PING CRITICAL - Packet loss =
Mon Oct 10 17:05:01 EST 2011 PING OK - Packet loss = 0%, RTA = 23.42
And on it goes like that. This was without any sort of intervention --
no restarts or anything, obviously this is kind of a deal breaker.
Unless I was to add a cron job to issue "--replace" on all tunnels
every 15 minutes... which feels so dirty to me.
I've decided, tomorrow I'm going to try to tunnel between my test
OpenSwan instance and my live instance, to see if it'll work any
better. If so, then perhaps its some issue with the IPSec
implementation on the RV042s we use. I will have no choice but to make
it work with the RV042s either way, but I'm running out of ways to try
and narrow down what's wrong. So it's something.
Any better ideas are welcome. Thanks!
On Sat, Oct 8, 2011 at 10:10 AM, Geekman <the1geekman at gmail.com> wrote:
> Anyone have any ideas on how I can narrow the cause this issue down,
> or somewhere else I might be able to look to sort it out?
> I've pretty much run out of ideas on what to do next, right now. I was
> really counting on the software upgrade to sort it out. :P
More information about the Users