Thank you Matthew, I found out that the bash-script works just fine, so I did not search for another solution. :-)
But now I know why I'll have to work with the script. Thanks!

Andreas

On 16.11.2010 05:18, Matthew Grooms wrote:
> On 10/16/2010 1:25 PM, Andreas Hoppe wrote:
>> Hi,
>>
>> after solving the compile-problem, I could establish a tunnel to the
>> network behind the Fritz!Box 7270 through the internet.
>>
>
> ...
>
>> After the second ping (the "received ping") I can use the network as it
>> should be.
>>
>> For now, I start the tunnel with a bash-script that pings the foreign
>> network after establishing the tunnel. But this is only a workaround.
>>
>> Is the "ping-problem" a known problem? I use the newest version of
>> shrew.
>>
>
> The "ping-problem" is just the way IPsec works on Linux and BSD OS's.
> When an IPsec connection is established, an ISAKMP SA is created along
> with IPsec policies. IPsec SA's ( the ones used to protect actual user
> traffic ) aren't negotiated until packets match an IPsec policy. The
> kernel then requests that an SA be negotiated to protect the traffic.
> Sometimes there is a noticeable delay between when the first packet
> matches a policy and when a mature SA is available to protect the
> network traffic. On BSD systems, the packet is cached and is forwarded
> when the SA becomes available. I'm not sure if this is the case on
> Linux or not. Chances are, if you started a TCP connection, it would
> also work but you may have to wait around for a retry to occur before
> the packets would actually traverse the VPN tunnel.
>
> -Matthew
>
>

--
Dipl.-Ing. Andreas Hoppe
An der Acher 35
77855 Achern
T.: 07841 / 601975
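
The workaround discussed in this thread (send probe traffic right after the tunnel is up, so the kernel requests the IPsec SA before real traffic needs it), as an added example that is not the script from the thread. The `PROBE` hook, the function names and the `REMOTE_HOST` placeholder are assumptions; the default probe uses Linux iputils `ping` options.

```shell
#!/bin/sh
# Added example: wait until an IPsec SA is usable by probing the remote network.

# Default probe (assumption): one ICMP echo with a 1-second reply timeout,
# using Linux iputils syntax (-c count, -W timeout in seconds).
default_probe() {
    ping -c 1 -W 1 "$1" >/dev/null 2>&1
}

# PROBE names the command that sends one probe; override it to use something
# other than ping (for example a TCP connect to a service behind the tunnel).
PROBE=${PROBE:-default_probe}

# warm_sa HOST [MAX_TRIES] [PAUSE_SECONDS]
# The first probe matches the IPsec policy and triggers SA negotiation; it is
# usually lost. Later probes succeed once the SA is mature.
# Returns 0 on the first answered probe, 1 if MAX_TRIES probes went unanswered.
# Sets WARM_LOST to the number of probes lost while waiting.
warm_sa() {
    host=$1
    max_tries=${2:-10}
    pause=${3:-1}
    WARM_LOST=0
    while [ "$WARM_LOST" -lt "$max_tries" ]; do
        if "$PROBE" "$host"; then
            return 0
        fi
        WARM_LOST=$((WARM_LOST + 1))
        sleep "$pause"
    done
    return 1
}

# Typical use after the VPN client reports the tunnel as established
# (REMOTE_HOST is a placeholder for an address in the remote network):
#   warm_sa "$REMOTE_HOST" && echo "SA ready after $WARM_LOST lost probe(s)"
```

A non-zero return after all tries means no SA became usable, which is worth treating as a tunnel failure rather than silently continuing.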
