From: Philip Burrow (phil.burrow_at_blueyonder.co.uk)
Date: Wed Oct 02 2002 - 08:51:12 CEST
> > > If you bring down one side of the tunnel, the other side thinks it's
still
> > > up until rekeytime + (a few secs) happens, and the other side expires
the
> > > SA. This means it tries to respond on ipsec# interfaces, which won't
work
> > > too well if one side has stopped FreeS/WAN.
> >
> > Yep, that's exactly what I've been experiencing. Are you saying that if
I
> > wait long enough it will automagically start working?
>
> If you wait long enough, the other side will put the eroute in %hold
> status, which might allow you to get back in. My solution has also been
> to go in thru a different box that's not part of the VPN, so it's
> unaffected.
That is what I had been doing, but only to reboot the ends of the tunnels.
Should it be the case that stopping ipsec will restore the connectivity or
is there another way of doing it which doesn't require me to reboot them. I
know its a bit of a Windows method but it's the only one I have found will
restore the connectivity!
Cheers Ken,
Phil.
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Sat Nov 09 2002 - 05:20:36 CET