We had similar problems about a year ago, when we deployed a
massive installation of VPN/IPsec clients based on isakmpd.

When testing the client robustness to a series of events, like physically
disconnecting network cables, simulating power failures and such, we
saw the same pattern.

Our solution was to use an external program to send simple icmp
packets to our internal network and restart isakmpd once "detecting"
the tunnel is down.

A web search showed us that tunnel "recreation" is complex and
frequently involves non-standard implementations. Sometimes this
process fails, and an external watchdog should be considered to
be on the safe side.

So we cooked an in-house solution using "monit" to restart isakmpd in
case of failure. Obviously you'll need to define a simple set of rules
to classify a connection as "failed".

<snip>

> Okay, all VPNs come up normally, but the problem is:
> At random times, the tunnel goes down and doesn't come up again!
>

<snip>
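
The external watchdog described in this message, written as a standalone shell script (an added example, not the poster's monit configuration). The probe address, the thresholds and the `rcctl restart isakmpd` restart command are assumptions; the rule used here for "failed" is three consecutive lost pings, with a cooldown so that a slow renegotiation does not cause a restart loop.

```shell
#!/bin/sh
# Added example: external watchdog for an isakmpd tunnel.
# Every value below is an assumption, not taken from the original post.
PROBE_HOST="${PROBE_HOST:-192.0.2.10}"   # constructed address: host reachable only through the tunnel
FAIL_THRESHOLD="${FAIL_THRESHOLD:-3}"    # consecutive lost probes before the tunnel counts as "failed"
COOLDOWN="${COOLDOWN:-120}"              # seconds to leave isakmpd alone after a restart
INTERVAL="${INTERVAL:-20}"               # seconds between probes
RESTART_CMD="${RESTART_CMD:-rcctl restart isakmpd}"  # assumed restart command

fails=0          # consecutive failed probes so far
last_restart=0   # epoch time of the last restart we issued

# One ICMP echo through the tunnel; succeeds only if a reply comes back.
probe() {
    ping -c 1 -w 2 "$PROBE_HOST" >/dev/null 2>&1
}

# watchdog_step <up|down> <now_epoch>
# Applies the failure rules and sets ACTION to ok, wait, cooldown or restart.
watchdog_step() {
    if [ "$1" = up ]; then
        fails=0; ACTION=ok; return 0
    fi
    fails=$((fails + 1))
    if [ "$fails" -lt "$FAIL_THRESHOLD" ]; then
        ACTION=wait; return 0          # a single lost packet is not a dead tunnel
    fi
    if [ $(($2 - last_restart)) -lt "$COOLDOWN" ]; then
        ACTION=cooldown; return 0      # negotiation may still be in progress
    fi
    fails=0; last_restart=$2; ACTION=restart
}

run_watchdog() {
    while :; do
        if probe; then state=up; else state=down; fi
        watchdog_step "$state" "$(date +%s)"
        if [ "$ACTION" = restart ]; then
            logger -t tunnel-watchdog "no reply from $PROBE_HOST, restarting isakmpd"
            $RESTART_CMD
        fi
        sleep "$INTERVAL"
    done
}

# Start the loop only when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = run ]; then run_watchdog; fi
```

Logging each restart through `logger` leaves a record of how often the tunnel actually drops, which helps tell a flaky link from a negotiation problem.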
