[ previous ] [ next ] [ threads ]
 
 From:  Robert Rich <rrich at gstisecurity dot com>
 To:  JSimoneau at lmtcs dot com
 Cc:  rpsmith at hotmail dot com, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPsec tunnels question
 Date:  Thu, 23 Dec 2004 17:59:58 -0500 
I'm just starting to mess with this, so i could be wrong...but in 1.2b3 
there is an option on the tunnel configuration page (for the remote 
'dhcp' client)

[x] *Automatically establish this tunnel
* Set this option to automatically re-establish this tunnel after 
reboots/reconfigures. If this is not set, the tunnel is established on 
demand.

Could this help? 


JSimoneau at lmtcs dot com wrote:

>Roy,
>
>I also have issues with the tunnel only being brought up from the remote
>network side. There also seems to be no way of forcing the tunnel to stay
>up without providing it interesting traffic from the remote side. I can
>extend the life of the tunnel somewhat, and put a script on the remote
>side to do a ping to the near end every so often, but it still doesn't
>solve the issue.
>
>I hope there is a resolution to this issue in the future, or perhaps
>someone can chime in with a better answer.
>
>Regards,
>Josh
>
> 
>
>
>-----Original Message-----
>From: RP Smith [mailto:rpsmith at hotmail dot com] 
>Sent: Thursday, December 23, 2004 3:12 AM
>To: m0n0wall at lists dot m0n0 dot ch
>Subject: RE: [m0n0wall] IPsec tunnels question
>
>
>  
>
>>The first paragraph sounds correct. On one side you need to do the 
>>tunnel tab, on the other side you need the mobile clients and psk tab. 
>>In your case you'll want the central office to be the mobile clients 
>>and psk tabs since that has the static IP. This is a normal setup, 
>>since the central office "accepts" mobile clients and the remote office 
>>"tunnels" into the central office.
>>......
>>Josh
>>    
>>
>
>Thanks for the tip Josh.  Seems to work great with the limitation that the
>tunnel can only be brought up from the remote network and not from the end
>with the static IP.
>
>Thanks again, Roy...
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>  
>