IPSEC dropping - how to auto reconnect

Hi,

I’ve set up an IPSec VPN network with several 450Gs. One acts as the central gateway, and the others connect to it.
There are 2 networks on the satellites: LAN and voice; they are different instances.

The problem is: sometimes some of the tunneled links get dropped. For example, on the satellite the LAN or voice is NOT accessible, even when pinging from the central node to the satellite, or vice versa (yes, using the tunneled IPs).

Enabling (or disabling/enabling) the specific link (or rebooting the satellite) usually brings it back.

I’m interested if:

  • somehow I can specify the ping watchdog for modifying the source IP (and ping the remote site - if inaccessible, then reboot)
  • restart the IPsec instance if inaccessible (or periodically)
  • any other

Thanks for any ideas!

I believe what you are looking for is Dead Peer Detection (DPD). Make sure it is enabled under the IPSec Peer entry. The default is to check every 120 seconds and fail after 5 losses, which seems a little long to me. I use 45/3 and haven’t had much trouble.

Yes, it should be 🙂 Thanks for the tip!
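
The DPD timers from the answer above, together with a scheduled reachability check of the kind the original question asks about, as an added RouterOS example that is not from any poster in this thread. It assumes RouterOS v6 before 6.44, where DPD is set on the peer entry as the answer describes; the addresses, the script name and the scheduler name are constructed placeholders.

```routeros
# Added example; all addresses and names below are constructed placeholders.
# Assumes RouterOS v6 before 6.44, where DPD settings live on the peer entry.

# 1. DPD timers from the answer: probe every 45 s, declare the peer dead
#    after 3 missed replies (about 135 s, versus 600 s with 120/5).
/ip ipsec peer set [find address="203.0.113.1/32"] dpd-interval=45s dpd-maximum-failures=3

# 2. Fallback check run on the satellite: ping the central LAN address through
#    the tunnel, sourcing the ping from the satellite's own LAN address so the
#    packets match the IPsec policy instead of leaving unencrypted.
/system script add name=ipsec-tunnel-check source={
    :local remoteLan 10.0.0.1
    :local localLan 10.0.1.1
    # In a script, /ping returns the number of replies received.
    :if ([/ping $remoteLan src-address=$localLan count=5] = 0) do={
        :log warning "IPsec tunnel to $remoteLan unreachable, flushing SAs"
        # Removes ALL installed SAs on this router, so every tunnel on the
        # satellite (LAN and voice) renegotiates, not only the failed one.
        /ip ipsec installed-sa flush
    }
}

# 3. Run the check every 2 minutes.
/system scheduler add name=ipsec-tunnel-check interval=2m on-event=ipsec-tunnel-check
```

The log line gives a record of how often the fallback fires, which helps tell a DPD misconfiguration apart from an unstable uplink.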