Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

Re: [Users] FAQ - Life's little mysteries

From: Daniel Distelrath (Daniel.Distelrath_at_t-online.de)
Date: Mon Jun 10 2002 - 01:33:59 CEST

Next message: Daniel Distelrath: "Re: [Users] A newbie question"
Previous message: David Gardi: "[Users] A newbie question"
In reply to: Daniel Distelrath: "[Users] FAQ - Life's little mysteries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

guess, partly answer to ur problem is
http://www.freeswan.org/freeswan_trees/freeswan-1.95/doc/faq.html#deadtunnel

You say 'ipsec auto --unroute <conn name>' didn't work for you, but i know '--delete','--down' and 'restart' did ;-)

I'm afraid there is no such event when a client "disconnects". You should try by configuring 'keyingtries' and 'keylife', as mentioned in FAQ link, to meet ur needs. Just try!

somelistguy>>

----- Original Message -----
From: "Daniel Distelrath" <Daniel.Distelrath_at_t-online.de>
To: <users_at_lists.freeswan.org>
Sent: Saturday, June 08, 2002 1:31 PM
Subject: [Users] FAQ - Life's little mysteries

> Hello,
>
> the "When a tunnel goes down, packets vanish" problem from the FAQ ( http://www.freeswan.org/freeswan_trees/freeswan-1.95/doc/faq.html#down_route ) is a great problem for me:
>
> VPN GW is on the same box as a firewall including a port forward (DNAT).
> After a VPN connection with SSH Sentinel was established and "disconnected" there's no way for me to use this forwarded port again as i can't even ping my firewall from the client-machine before a 'ipsec setup restart'.
>
> So, how can i reestablish the state before a VPN connect without restarting? Are there some kind of "events" in freeswan when SSH Sentinel "disconnects" i can use to tell freeswan to do this automatically after e.g. a Sentinel "disconnection"?
>
> I also read the "reestablish unsecured connection" mail (see FAQ) - but 'ipsec auto --unroute <conn name>' didn't make a difference 8-(
>
>
> I'm using Bering LEAF/LRP ( http://leaf.sourceforge.net/devel/jnilo/index.html ) including freeswan .lrp pakets and an ipsec.o. Due to unfortunate compile-time options there is no (klips-)debug output available.
>
>
> I'd greatly appreciate any help on this.
> --dan--
>
>
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Next message: Daniel Distelrath: "Re: [Users] A newbie question"
Previous message: David Gardi: "[Users] A newbie question"
In reply to: Daniel Distelrath: "[Users] FAQ - Life's little mysteries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:13 CEST