Re: Adjust or set OpenIKED renegotiation timeout manually if remote ISP resets connections

2020-04-03 Thread Radek
On Thu, 02 Apr 2020 13:16:13 +
Martin  wrote:

> Remote VPS hoster resets connections after some amount of data has been 
> transferred to/from the remote VPS.
> 
> May I adjust the OpenIKED renegotiation timeout down to 1-2s in some way? 
> Currently it takes ~3-4m to reconnect.
> Right after each 'connection reset' issued by the VPS hoster I can restart iked 
> manually by "rcctl restart iked" and iked renegotiates the link immediately 
> after it.
> 
> The question is how to automate it to have minimal connection loss?
> 
> Martin
Hi Martin, 
maybe that is not exactly what you asked but I used to fight with that problem:
http://openbsd-archive.7691.n7.nabble.com/OpenIKED-Network-traffic-over-VPN-site-to-site-tunnel-stalls-few-times-a-day-td372267.html

I used ping to monitor the other site of VPN:
#!/bin/sh
# 10.0.17.254 - local LAN gateway
# 172.16.1.254 - remote LAN gateway
while true
do
    # Packets received through the tunnel (4th field of ping's summary line)
    vpn=$(ping -c 3 -w 1 -I 10.0.17.254 172.16.1.254 | grep packets | awk '{print $4}')

    if [ "${vpn:-0}" -eq 0 ] ; then
        # Tunnel is silent: check the peer's WAN address and general Internet reachability
        mon=$(ping -c 3 -w 1 the_other_side_WAN_IP | grep packets | awk '{print $4}')
        wan=$(ping -c 3 -w 1 8.8.8.8 | grep packets | awk '{print $4}')

        # Restart iked only when both answer, i.e. only the VPN path is down
        if [ "${mon:-0}" -gt 0 ] && [ "${wan:-0}" -gt 0 ] ; then
            echo "vpn: ${vpn}, mon: ${mon}, wan: ${wan}" | mail -s "no ping through VPN RACTEST-MON! restarting iked!" em...@example.com
            rcctl restart iked
        fi
    fi
    sleep 32
done

You can trim the sleep time as you need but remember to give some time to 
restart/renegotiation/resync...
I hope it helps.

-- 
Radek



Adjust or set OpenIKED renegotiation timeout manually if remote ISP resets connections

2020-04-02 Thread Martin
Remote VPS hoster resets connections after some amount of data has been 
transferred to/from the remote VPS.

May I adjust the OpenIKED renegotiation timeout down to 1-2s in some way? Currently 
it takes ~3-4m to reconnect.
Right after each 'connection reset' issued by the VPS hoster I can restart iked 
manually by "rcctl restart iked" and iked renegotiates the link immediately 
after it.

The question is how to automate it to have minimal connection loss?

Martin