[ previous ] [ next ] [ threads ]
 From:  Andrew Zook <andrewzook at pdqlocks dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] VPN - Connection goes down, have to reset all branches
 Date:  Tue, 04 Apr 2006 17:35:50 -0400
Well, It probably would reconnect if I did that, but I don't want to
have to connect and do anything. I would prefer if the connection would
just come back up without any user intervention.

A few of the locations are pretty far out in the sticks and have spotty
connections, so this is something that happens at least once a day.

I have another network set up with static IPs on both ends. I never have
to touch it! It just works.

If there is no hope for having the dynamic IP setup reconnect
automatically, I suppose that I will have to look into static IPs there too.

How about a very short Phase 2 Lifetime (like 10 minutes) ?

That said, what are people using the Phase lifetime settings?

> Clicking the Save button on the IPsec page without changing anything
> on the branch locations doesn't bring it back up?
> I don't know what the solution may be, but personally I wouldn't
> complain too much.  I have a big dollar Cisco VPN deployment that
> requires manually clearing the SAD's most of the time when a T1
> hiccups even briefly.
> Posting the system logs from both ends when it happens might be
> helpful for determining why it isn't coming back up.  Also checking
> the SAD on both ends under Diagnostics -> IPsec might be helpful.
> -Chris