From: Fraser Campbell (fraser_at_starnix.com)
Date: Thu Oct 31 2002 - 18:41:49 CET
We have a multi-homed FreeS/WAN hub to which 20-30 remote offices will be
connecting. Our tunnels use a right=vpn.xxxx.com parameter.
We were hoping that if we kept the TTL low on the vpn DNS record and kept
FreeS/WAN's rekeying parameters at a similar interval, we could
implement failover centrally using DNS.
Instead what happens is that FreeS/WAN never gives up on the first hostname
that it looked up and continues to negotiate based on that IP even when the
underlying OS recognises that the remote IP has changed. Blocking the remote
FreeS/WAN's access to the IP still doesn't force it to do a double check of
the hostname's IP.
Is there anything that we can do to make FreeS/WAN honour the DNS TTLs and
relookup the host, short of restarting it?
Thanks,
-- 
Fraser Campbell <fraser_at_starnix.com>
Starnix Inc. Telephone: (905) 771-0017 ext. 223
Thornhill, Ontario, Canada http://www.starnix.com/
Professional Linux Services & Products
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
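One way to get the DNS-driven failover the post describes without restarting the daemon, as an added example that is not from the original post or from FreeS/WAN itself: an external watcher that re-resolves each tunnel's right= hostname at roughly the record's TTL and reloads only the connections whose answer changed. The tunnel names, hostnames and the use of `ipsec auto --replace` followed by `ipsec auto --up` to reload a connection are assumptions; the resolver and reload action are injectable so the logic runs offline.

```python
import socket
import subprocess
import time
from typing import Callable, Dict, List, Optional

# Added example, not FreeS/WAN's own code. FreeS/WAN resolves the right=
# hostname once when the connection is loaded, so a low DNS TTL alone
# never moves a tunnel to the new address. This watcher re-resolves the
# hostnames itself and reloads a connection only when the answer changes.


def ipsec_reload(conn: str) -> None:
    """Reload and re-establish one FreeS/WAN connection.

    Assumption: 'ipsec auto --replace <conn>' re-reads the connection from
    ipsec.conf (re-resolving right=) and 'ipsec auto --up <conn>' brings
    it up again, as in FreeS/WAN's ipsec_auto tooling."""
    subprocess.run(["ipsec", "auto", "--replace", conn], check=True)
    subprocess.run(["ipsec", "auto", "--up", conn], check=True)


class DnsFailoverWatcher:
    def __init__(self, tunnels: Dict[str, str],
                 resolve: Callable[[str], str] = socket.gethostbyname,
                 reload: Callable[[str], None] = ipsec_reload) -> None:
        self.tunnels = tunnels      # connection name -> right= hostname (assumed)
        self.resolve = resolve      # hostname -> IP, defaults to the system resolver
        self.reload = reload        # action to run when the IP changes
        self.last_ip: Dict[str, Optional[str]] = {c: None for c in tunnels}

    def check_once(self) -> List[str]:
        """Re-resolve every tunnel; return the names of connections reloaded."""
        reloaded = []
        for conn, host in self.tunnels.items():
            try:
                ip = self.resolve(host)
            except OSError:
                continue  # transient DNS failure: keep the current tunnel as is
            # The first lookup only seeds the cache; reload on a later change.
            if self.last_ip[conn] is not None and ip != self.last_ip[conn]:
                self.reload(conn)
                reloaded.append(conn)
            self.last_ip[conn] = ip
        return reloaded

    def run(self, interval: float) -> None:
        """Poll forever; interval should roughly match the DNS record's TTL."""
        while True:
            self.check_once()
            time.sleep(interval)
```

Run with `DnsFailoverWatcher({"office1": "vpn.example.com"}).run(300)` from a cron-independent service on the remote gateway; the poll interval, not FreeS/WAN's rekey timer, then decides how quickly a DNS change takes effect.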
This archive was generated by hypermail 2.1.5 : Tue Nov 05 2002 - 05:20:44 CET