On Thu, Jul 8, 2010 at 7:41 PM, Curtis Maurand <[email protected]> wrote:
>
>> I already played with "prefer old IPSEC" on or off, but this seems not to
>> help.
>> Keep in mind that all the end-nodes are dynamic IPs (and each and
>> every night at 4AM I let them restart the PPPoE at the end nodes)
>>
>
> I have a two-part cron job. On an inside host I have a Perl script that
> checks for a host on the other end of the tunnel with a ping. If it gets no
> response, it sends a text file to the firewall via scp. The firewall has a
> script that checks for the existence of that file. If it finds it, the
> firewall resets ipsec and deletes the file. I've set up ssh keypairs to
> allow the sending of the file without having to enter a password. The file
> is passed using unprivileged accounts.
>
Curtis, can you elaborate a bit more on how you did this?

I don't mind an outage of 5 minutes (in fact, I'd love to wait 5 minutes before taking any action whatsoever)...

A VPN can die (randomly), and most of the time it fixes itself too... but it's for those moments when it didn't fix itself that I want to "script" this.
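The two-part cron watchdog described in the quoted message, combined with the five-minute wait asked for in the reply, as an added example that is not Curtis's script or pfSense code. The peer address, the `vpnflag` account, the file paths and `RESET_CMD` are constructed placeholders; substitute the site's own IPsec restart command.

```shell
#!/bin/sh
# Added example: all hosts, paths and RESET_CMD are constructed placeholders.
PEER="${PEER:-192.0.2.10}"                 # host on the far side of the tunnel
FW="${FW:-vpnflag@fw.example.net}"         # unprivileged account on the firewall
FLAG="${FLAG:-/home/vpnflag/reset-request}"
STATE_DIR="${STATE_DIR:-/var/tmp/vpnwatch}"
GRACE="${GRACE:-300}"                      # seconds the tunnel must stay down
RESET_CMD="${RESET_CMD:-echo IPSEC-RESET-PLACEHOLDER}"  # site-specific restart

# decide <up|down> <epoch-now>  -> prints ok | wait | reset
decide() {
    stamp="$STATE_DIR/down_since"
    mkdir -p "$STATE_DIR"
    if [ "$1" = up ]; then
        rm -f "$stamp"          # tunnel healed itself: forget the outage
        echo ok
        return 0
    fi
    [ -f "$stamp" ] || echo "$2" > "$stamp"   # first failed probe starts the clock
    if [ $(( $2 - $(cat "$stamp") )) -ge "$GRACE" ]; then
        rm -f "$stamp"          # a fresh grace period follows every reset request
        echo reset
    else
        echo wait
    fi
}

# Inside host, from cron every minute: probe, and request a reset only after GRACE.
inside_host_check() {
    if ping -c 3 "$PEER" >/dev/null 2>&1; then state=up; else state=down; fi
    if [ "$(decide "$state" "$(date +%s)")" = reset ]; then
        : > "$STATE_DIR/reset-request"
        scp -q -o BatchMode=yes "$STATE_DIR/reset-request" "$FW:$FLAG"
    fi
}

# Firewall, from cron: act on the flag's existence only; never read or run it.
firewall_check() {
    [ -f "$FLAG" ] || return 1
    rm -f "$FLAG"
    $RESET_CMD
}

case "${1:-}" in
    inside)   inside_host_check ;;
    firewall) firewall_check ;;
esac
```

Because the firewall side only tests for the file and deletes it, the unprivileged upload account can trigger a reset but cannot influence what the privileged script runs.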
