[ previous ] [ next ] [ threads ]
 From:  Vincent Fleuranceau <vincent at bikost dot com>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] Re: IPsec auto-establishment broken
 Date:  Mon, 27 Sep 2004 14:52:47 +0200
-------- Original Message --------

> On 27.09.2004 12:08 +0200, Vincent Fleuranceau wrote:
>>Of course, in my current setup (1.1b2) I've simply removed the
>><shellcmd> entries. Should I consider using them again in place of
>>the WebGUI keepalive option?
> As I reported, the webGUI auto-establishment option is broken at the
> moment. However, the tunnel should be (re-)established as soon as a
> packet is sent. You can still try the <shellcmd> stuff - in that
> case, the only difference would be obey/claim.

I've just realized that the keepalive code in vpn.inc generates only 
*one* ping command when the config is saved and racoon restarted. The 
"_bg" suffix made me think it was a sort of loop in the background...

So, I've set up the <shellcmd> stuff and it works again as expected.

To give you an idea, on my net4501 (with PPPoE on WAN) the tunnel is 
fully functional after approx. 80 seconds from the moment I reboot the 
remote m0n0wall.

As mentioned in my previous post, I use the following commands (modified 
version of Fred Wright's <shellcmd> kludge):

ping every 5 seconds x 24 times
(-> wake up phase, during 2 minutes, to be sure...)

ping every 60 seconds forever
(-> keep alive)

Hope this helps someone...

-- Vincent

PS: Manuel, many thanks for 1.2b1 improvements!