Hello,

I am looking for some better ideas on how to handle an issue I am
experiencing, please.

I am using Ubuntu 9.10 Server with StrongSwan 4.3.5.  The issue I am having
is that, even with Dead Peer Detection turned on, once a remote ISA Server
is rebooted, my StrongSwan configuration cannot automatically reestablish a
connection with the remote end.

Because my setup has to interoperate with business partners that use Cisco
and Microsoft solutions, I use bi-directional host-to-net tunnels.  That is,
I establish tunnels between the public address on one side and the private
address on the other.  An example conf setup follows:
# no options set here - use default settings
config setup

# set up base partner tunnel between public addresses
conn partner
    type=tunnel
    authby=secret
    ike=3des-sha1-modp1024
    ikelifetime=8h
    esp=3des-sha1
    keylife=1h
    keyingtries=%forever
    pfs=yes
    pfsgroup=modp1024
    dpdaction=restart
    left=1.1.1.1
    right=2.2.2.2
    auto=start

# set up tunnel between left public and right private subnets
conn partner_1
    leftsubnet=1.1.1.1/32
    rightsubnet=192.168.20.0/24
    also=partner

# set up tunnel between left private and right public subnets
conn partner_2
    leftsubnet=192.168.10.0/24
    rightsubnet=2.2.2.2/32
    also=partner

Currently, to work around the issue that occurs when a remote ISA Server is
restarted, I have a perl script that pings the remote end every 30 seconds.
If no response is received, then it calls 'ipsec up partner_1' which brings
the tunnel back online.  Does anybody have a better solution for this?

Thank you in advance,

Brandon Rock
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
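The ping-and-restart workaround described in the post, written out as a POSIX shell watchdog. This is an added example, not the poster's perl script or anything from strongSwan itself; the host pinged inside rightsubnet (192.168.20.1), the check interval and the consecutive-failure threshold are assumptions, and it adds one thing the post does not have: it only runs `ipsec up` after several failed checks in a row, so a single lost packet does not trigger a renegotiation.

```sh
#!/bin/sh
# Added example: ping-based tunnel watchdog for the posted "partner_1" conn.
# All defaults below are assumptions and can be overridden via environment.
CONN="${CONN:-partner_1}"        # conn name from the posted ipsec.conf
PEER="${PEER:-192.168.20.1}"     # assumed host inside rightsubnet
INTERVAL="${INTERVAL:-30}"       # seconds between checks (as in the post)
FAIL_LIMIT="${FAIL_LIMIT:-2}"    # consecutive failures before acting
PING="${PING:-ping}"             # overridable so the logic can be tested offline
IPSEC="${IPSEC:-ipsec}"

# Return 0 if one ICMP echo to $1 is answered within 5 seconds.
peer_reachable() {
    "$PING" -c 1 -W 5 "$1" >/dev/null 2>&1
}

# Pure decision step, kept separate from the loop so it is testable:
# $1 = consecutive failures so far, $2 = ping exit status (0 = answered).
# Prints the new failure count and the action ("ok" or "restart").
next_state() {
    if [ "$2" -eq 0 ]; then
        echo "0 ok"
    elif [ $(($1 + 1)) -ge "$FAIL_LIMIT" ]; then
        echo "0 restart"          # threshold reached: act and reset counter
    else
        echo "$(($1 + 1)) ok"     # not yet: just remember the failure
    fi
}

watchdog() {
    fails=0
    while :; do
        peer_reachable "$PEER"; rc=$?
        set -- $(next_state "$fails" "$rc")
        fails=$1
        if [ "$2" = restart ]; then
            logger -t ipsec-watchdog "$PEER unreachable, running: $IPSEC up $CONN"
            "$IPSEC" up "$CONN"
        fi
        sleep "$INTERVAL"
    done
}

# Only start the loop when invoked as "watchdog.sh run", so the functions
# above can also be sourced without side effects.
if [ "${1:-}" = run ]; then
    watchdog
fi
```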