[Openswan Users] Losing VPN after ipsec restart
wgillespie+openswan at es2eng.com
Thu Sep 1 14:03:18 EDT 2011
May try using commands such as:
ipsec auto --add newconnection
ipsec auto --replace previousconnection
That may keep you from having to restart all the connections.
Sorry it doesn't help with your original problem, but it may be a workaround.
From: "Roman Serbski" <mefystofel at gmail.com>
Sent: Thursday, September 1, 2011 11:00am
To: users at openswan.org
Subject: [Openswan Users] Losing VPN after ipsec restart
Appreciate your advise with the following issue.
We have ~90 remote offices establishing IPSec tunnel with the server
in HQ (let's call it VPN master).
The VPN master is powered by Ubuntu 8.04.2 with Openswan
U2.4.9/K2.6.24-23-server installed from packages.
Here is the typical entry for the remote site in ipsec.conf:
Remote sites are powered by Ubuntu 9.10 with Openswan
U2.6.22/K2.6.31-22-generic with the following ipsec.conf:
Everything works fine with IPSec tunnel establishing alright, however
recently we started experiencing some issues.
When we modify ipsec.conf (to add a new entry) and restart ipsec on
VPN master, some offices are recovered instantly, for some offices it
takes an hour, but some are never recovered.
If I login to the remote site with IPSec tunnel down and restart ipsec
then the tunnel is established immediately.
I was trying to find a pattern but in vein. Some offices with high
latency and packet loss are recovered immediately and offices with a
relatively good connection might never recover and vice verse. We also
monitor all sites by pinging them so I believe there is always some
traffic traversing the tunnel.
It's probably worth mentioning that we didn't experience this issue
before (with ~30 remote offices)... I guess with 90 sites we reached
some timeout limits.
Any hints would be greatly appreciated.
Thank you for your time.
Users at openswan.org
Building and Integrating Virtual Private Networks with Openswan:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users