Just a real-life example: 

I have an IPSEC-Mesh between several locations. Each location has its own VoIP
PBX. The PBXs don't talk to each other unless there is a call. If the tunnel is 
down and you try to call a phone at the distant PBX you get a busy before the 
tunnel is up (tunnel needs longer to establish than the timeout of the VOIP). 
The second call then is working as the tunnel was brought up because of the 
first try which failed. There is other traffic from sublocations to main 
location only (keeping tunnels from sublocations to main location up, no mesh
traffic) but VOIP is going directly from one location to the other through a
different tunnel between the two locations (which goes down if there are no
calls from time to time).

Solutions: 
- adding cronjobs manually (but they don't get backed up with config.xml, so
exchanging/restoring the router needs recalling these settings)
- using a server in sublocations' subnets doing the ping

Holger

> -----Original Message-----
> From: Scott Ullrich [mailto:[EMAIL PROTECTED]
> Sent: Friday, November 18, 2005 21:22
> To: support@pfsense.com
> Subject: Re: [pfSense Support] IPsec Does Auto Establish work?
> 
> 
> Exactly.  I really don't see any reason to constantly babysit the
> tunnels.   If it's mission critical to keep the tunnels up, there is
> cron.   There are situations where something can be over-engineered
> and this smells exactly of it.
> 
> Scott
> 
> On 11/18/05, Vivek Khera <[EMAIL PROTECTED]> wrote:
> > what's the point of keeping the tunnel up?  won't either endpoint
> > force it to re-establish on demand anyhow?
> >
> > i know my mobile user IPsec vpn does so from my mac to pfSense.  i'm
> > fairly certain our remote office VPN also does so, but it is a
> > LOOOONG haul over an unreliable network, so it is up and down all the
> > time anyway.
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> 
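
The cron-based keep-alive discussed in this thread, as an added example (not code from any poster or from pfSense). It retries because the first packet only triggers negotiation, which is the failed-first-call effect described above; the addresses, the script path and the `run` argument are constructed assumptions, and the ping flags are FreeBSD's.

```shell
#!/bin/sh
# Added example: IPsec keep-alive meant to be run from cron, e.g.
#   */5 * * * * /root/ipsec-keepalive.sh run     (hypothetical path)
# All addresses are constructed placeholders; ping flags are FreeBSD's.

# One peer per line: <local LAN address> <host behind the remote endpoint>
PEERS="${PEERS:-10.1.0.1 10.2.0.10
10.1.0.1 10.3.0.10}"
RETRIES="${RETRIES:-4}"          # attempts per peer
RETRY_DELAY="${RETRY_DELAY:-5}"  # seconds between attempts
TIMEOUT="${TIMEOUT:-3}"          # seconds before each ping gives up
PING="${PING:-ping}"
LOGGER="${LOGGER:-logger -t ipsec-keepalive}"

# One echo request sourced from the LAN address (-S) so the packet matches
# the tunnel's LAN-to-LAN policy; a ping sourced from the WAN address would
# not trigger the tunnel.
probe() {
    $PING -c 1 -t "$TIMEOUT" -S "$1" "$2" >/dev/null 2>&1 </dev/null
}

# The first probe usually fails while the tunnel negotiates, so retry.
# Returns 0 as soon as the remote host answers, 1 if it never does.
keepalive() {
    src=$1 dst=$2 n=0
    while [ "$n" -lt "$RETRIES" ]; do
        probe "$src" "$dst" && return 0
        n=$((n + 1))
        sleep "$RETRY_DELAY"
    done
    return 1
}

# Walk the peer list, log every tunnel that stayed down, and return the
# number of such tunnels as the exit status.
keepalive_all() {
    down=0
    while read -r src dst; do
        [ -n "$src" ] || continue
        if ! keepalive "$src" "$dst"; then
            $LOGGER "tunnel to $dst (from $src) did not come up"
            down=$((down + 1))
        fi
    done <<EOF
$PEERS
EOF
    return "$down"
}

if [ "${1:-}" = "run" ]; then keepalive_all; fi
```

A non-zero exit status is the count of tunnels that stayed down, so cron's mail or a monitoring wrapper can alert on it.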
