I already played with "prefer old IPSEC" on or off, but this seems not to help.
Keep in mind that all the end-nodes are dynamic IPs (and each and
every night at 4AM I let them restart the PPPoE at the end nodes).

I have a two-part cron job. On an inside host I have a Perl script that
checks for a host on the other end of the tunnel with a ping. If it
gets no response, it sends a text file to the firewall via scp. The
firewall has a script that checks for the existence of that file. If it
finds it, the firewall resets ipsec and deletes the file. I've set up
ssh keypairs to allow the sending of the file without having to enter a
password. The file is passed using unprivileged accounts.
Cheers,
--C
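
The firewall-side half of the watchdog described above, sketched as an added example that is not part of the original message or the poster's script. It goes beyond the message by rejecting a flag that is not a regular file owned by the receiving account and by rate-limiting resets, since the flag arrives through an unprivileged account but triggers a privileged action. The flag path, the `tunnelwatch` account, the stamp file, the 600-second cooldown and the `restart_ipsec` placeholder are all assumptions.

```shell
#!/bin/sh
# Firewall-side watchdog, meant to run from root's crontab.
# Every name below is an assumption for illustration, not from the original message.
FLAG="${FLAG:-/home/tunnelwatch/ipsec-reset.flag}"   # file the inside host sends via scp
FLAG_OWNER="${FLAG_OWNER:-tunnelwatch}"              # unprivileged receiving account
STAMP="${STAMP:-/var/run/ipsec-watchdog.last}"       # epoch time of the last reset
MIN_INTERVAL="${MIN_INTERVAL:-600}"                  # minimum seconds between resets

restart_ipsec() {
    # Placeholder: replace with the firewall's own IPsec restart command.
    echo "IPsec restart requested"
}

# True only for a regular file (find does not follow a symlink) owned by FLAG_OWNER.
flag_is_valid() {
    [ -n "$(find "$FLAG" -prune -type f -user "$FLAG_OWNER" 2>/dev/null)" ]
}

# True if no reset was recorded within the last MIN_INTERVAL seconds.
cooldown_elapsed() {
    [ -f "$STAMP" ] || return 0
    last=$(cat "$STAMP")
    now=$(date +%s)
    [ $((now - last)) -ge "$MIN_INTERVAL" ]
}

# Returns 0 = reset done, 1 = no flag, 2 = flag rejected, 3 = rate limited.
check_and_reset() {
    [ -e "$FLAG" ] || [ -L "$FLAG" ] || return 1
    if ! flag_is_valid; then
        rm -f -- "$FLAG"        # removes a link itself, never its target
        return 2
    fi
    rm -f -- "$FLAG"            # consume the flag; its contents are never read
    cooldown_elapsed || return 3
    date +%s > "$STAMP"
    restart_ipsec
}

# Cron entry point: only acts when called as "<script> run".
if [ "${1:-}" = "run" ]; then
    check_and_reset
fi
```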