Hello, I am looking for some better ideas on how to handle an issue I am experiencing, please.
I am using Ubuntu 9.10 Server with StrongSwan 4.3.5. The issue I am having is that, even with Dead Peer Detection turned on, once a remote ISA Server is rebooted, my StrongSwan configuration cannot automatically reestablish a connection with the remote end.

Because my setup has to inter-operate with business partners that use Cisco and Microsoft solutions, I use bi-directional host-to-net tunnels. That is, I establish tunnels between the public address on one side, and the private address on the other. An example conf setup follows:

    # no options set here - use default settings
    config setup

    # set up base partner tunnel between public addresses
    conn partner
        type=tunnel
        authby=secret
        ike=3des-sha1-modp1024
        ikelifetime=8h
        esp=3des-sha1
        keylife=1h
        keyingtries=%forever
        pfs=yes
        pfsgroup=modp1024
        dpdaction=restart
        left=1.1.1.1
        right=2.2.2.2
        auto=start

    # set up tunnel between left public and right private subnets
    conn partner_1
        leftsubnet=1.1.1.1/32
        rightsubnet=192.168.20.0/24
        also=partner

    # set up tunnel between left private and right public subnets
    conn partner_2
        leftsubnet=192.168.10.0/24
        rightsubnet=2.2.2.2/32
        also=partner

Currently, to work around the issue that occurs when a remote ISA Server is restarted, I have a perl script that pings the remote end every 30 seconds. If no response is received, then it calls 'ipsec up partner_1' which brings the tunnel back online.

Does anybody have a better solution for this?

Thank you in advance,
Brandon Rock
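
A shell version of the ping-and-restart workaround described in the message above, added here as an example; it is not the poster's Perl script. It extends the description by requiring consecutive lost probes before re-initiating. PROBE_IP (a constructed host inside the posted rightsubnet), MAX_FAILS, PROBE_CMD and UP_CMD are assumed names and values.

```shell
#!/bin/sh
# Added example: watchdog for the workaround described in the post.
# Only 'ipsec up partner_1' and the 30 s interval come from the post;
# every other name and value here is an assumption.
CONN="${CONN:-partner_1}"               # conn name from the posted config
PROBE_IP="${PROBE_IP:-192.168.20.1}"    # constructed: a host in rightsubnet
INTERVAL="${INTERVAL:-30}"              # seconds between probes (from the post)
MAX_FAILS="${MAX_FAILS:-2}"             # assumption: tolerate one lost ping
PROBE_CMD="${PROBE_CMD:-ping -c 1 -W 2}"
UP_CMD="${UP_CMD:-ipsec up}"
fails=0

# Probe once. Returns 0 = reachable, 1 = failure counted,
# 2 = MAX_FAILS consecutive failures reached and re-initiation attempted.
check_once() {
    if $PROBE_CMD "$PROBE_IP" >/dev/null 2>&1; then
        fails=0
        return 0
    fi
    fails=$((fails + 1))
    if [ "$fails" -lt "$MAX_FAILS" ]; then
        return 1
    fi
    fails=0
    echo "$(date) $CONN: $MAX_FAILS probes lost, re-initiating" >&2
    $UP_CMD "$CONN" || echo "$(date) $CONN: '$UP_CMD' failed" >&2
    return 2
}

# Loop only when invoked as: watchdog.sh run
if [ "${1:-}" = "run" ]; then
    while :; do
        check_once || :
        sleep "$INTERVAL"
    done
fi
```

Counting consecutive failures keeps a single dropped ICMP reply from tearing down and renegotiating a tunnel that is still healthy.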