From: Philip Burrow (phil.burrow_at_blueyonder.co.uk)
Date: Wed Oct 02 2002 - 01:08:38 CEST
> > When I bring down a set of ipsec tunnels between two hosts, it causes all
> > connectivity between those hosts to be lost altogether meaning I have to
> > restart my systems to get it back online again. I have no idea why, and the
> > routing table is the same. Is it these 'eroutes' I've seen you guys on about?
> >
> > Phil.
> >
>
> If you bring down one side of the tunnel, the other side thinks it's still
> up until rekeytime + (a few secs) happens, and the other side expires the
> SA. This means it tries to respond on ipsec# interfaces, which won't work
> too well if one side has stopped FreeS/WAN.

Yep, that's exactly what I've been experiencing. Are you saying that if I
wait long enough it will automagically start working?

> If you do this often, you may wish to apply the Delete/NotifySA patches
> from http://open-source.arkoon.net - if applied, when you nicely tear down
> ipsec connection (ipsec setup stop, etc...) the other side will delete the
> SA + eroute.

That would be useful, thanks for the link!

Phil.
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Thu Oct 03 2002 - 05:20:20 CEST