From: Francis GASCHET (fg_at_numlog.fr)
Date: Fri Nov 08 2002 - 10:38:50 CET
Hi all,
A solution is to issue a "ipsec auto --delete xxx" and a "ipsec auto
--add xxxx" on both sides.
The "stop" command doesn't delete the routes.
I didn't use it up to now, but I figure that the Delete/Notify patch
makes this kind of stuff!
Ciao
--
Francis GASCHET / NUMLOG
http://www.numlog.fr
Tel.: +33 (0) 130 791 616
Fax.: +33 (0) 130 819 286

Philip Burrow wrote:

>>>>If you bring down one side of the tunnel, the other side thinks it's still
>>>>up until rekeytime + (a few secs) happens, and the other side expires the
>>>>SA. This means it tries to respond on ipsec# interfaces, which won't work
>>>>too well if one side has stopped FreeS/WAN.
>>>
>>>Yep, that's exactly what I've been experiencing. Are you saying that if I
>>>wait long enough it will automagically start working?
>>
>>If you wait long enough, the other side will put the eroute in %hold
>>status, which might allow you to get back in. My solution has also been
>>to go in thru a different box that's not part of the VPN, so it's
>>unaffected.
>
>That is what I had been doing, but only to reboot the ends of the tunnels.
>Should it be the case that stopping ipsec will restore the connectivity or
>is there another way of doing it which doesn't require me to reboot them. I
>know it's a bit of a Windows method but it's the only one I have found will
>restore the connectivity!
>
>Cheers Ken,
>
>Phil.