Brian wrote:
> Remember that tunnels will be brought down when their SAs expire and
> there's no immediate traffic to bring it back up. Tunnel creation is
> usually pretty quick (a second or two) so usually there's no issue with
> rebuilding it after a drop. I wonder if it would be possible in the future
> to add a "persistent" option that would cause each endpoint to ping the
> other across the tunnel at predefined intervals. Honestly, I don't know
> how useful that is, but it's something to ponder. I guess.
A persistent option would be very useful. I have a Watchguard SOHO at a
remote site and it has an option to ping a specified address. I use this
to ping a local address and hence keep the tunnel up.
Does anyone have any further tips for using Monowall/IPSEC with DHCP on
the WAN? I have such a beast at home linked into my Watchguard Firebox
at work. It works great, setup was a breeze, docs are great. Much
easier than the SOHO.
Trouble is, every time my DHCP lease with my ISP expires, I lose the
tunnel. Trying to reconnect from home doesn't re-establish the link and
under Diagnostics/IPSEC I get multiple SAD/SPD entries. I tried this
on v1.0 and v1.1b14 - same result.
The only way I get the link back is to reboot Monowall. I guess just
restarting IPSEC would probably do it. Is there a way to restart the
tunnel when the WAN address changes? Does this happen anyway?
Darren