<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: Les Mikesell <les,AT,futuresource,DOT,com>, cipe-l,AT,inka,DOT,de
Subject: Re: Problem with dead CIPE link
From: Alessandro Baretta <alex,AT,baretta,DOT,com>
Date: Thu, 05 Jun 2003 13:09:30 +0200
In-reply-to: <CJELIEBEFNCJAOMOOMNNCEOCCKAA.les@futuresource.com>
Organization: Baretta srl -- www.baretta.com
References: <CJELIEBEFNCJAOMOOMNNCEOCCKAA.les@futuresource.com>

Les Mikesell wrote:

This what I have problems with. I does not work with me. Of course, I could easily set up a script to ICMP ping the peer and see if it is still there, but if I could count on ciped dying a peaceful death when the peer is down, I'd be a lot happier.


I've always wanted mine to retry forever, although if the

I've tried it, but it is unfeasible, AFAICT. If one side of the VPN goes down, even you restart it (manually or otherwise) it will have forgotten the key and won't be able to authenticate itself with the surviving peer.


same machine is also a NAT gateway for a DSL link I've
sometimes wanted to know if the ISP's side of the link
was down (and they generally don't provide a routing protocol
to tell).  What are you planning to do if ciped exits?

If ciped exists gracefully and takes cipcb0 down with it, the following test will fail:
ifconfig | grep cipcb > /dev/null


Cron periodically executes the above command, and, if necessary, runs the pkcipe client to reconnect to the other side. With this architecture, on side is a passive pkcipe server, the other side is an active pkcipe client controlled by cron.

So, how do I get ciped to die a graceful death when the other side gets disconnected for some reason?

Alex


<< | Thread Index | >> ]    [ << | Date Index | >> ]