Couldn't you get the same thing with the VPN dead peer-detect set to
HOLD?
Under strongswan for example, their's a setting that would allow you to
auto=start or auto=ignore, if you could add this, you should be okay.
Here's how my vyatta ipsec.conf looks;
conn peer-1.1.1.1-tunnel-1
left=1.1.1.1.
right=2.2.2.2
leftsubnet=192.168.254.0/24
rightsubnet=192.168.255.0/24
ike=3des-md5-modp1024
ikelifetime=28800s
aggrmode=no
dpddelay=30s
dpdtimeout=60s
dpdaction=restart
esp=3des-md5
keylife=3000s
rekeymargin=540s
type=tunnel
pfs=no
compress=yes
authby=secret
auto=start
If the last line was set to auto=ignore, than I would think ipsec would
be started and the host would wait for the far-end ( right ) to
initiated the session.
_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
