 From:  Darren Hammond <darren at hammond dot uklinux dot net>
 To:  mono at ricerage dot org
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0wall to m0n0wall
 Date:  Tue, 22 Jun 2004 22:08:56 +0100
Brian wrote:

> Remember that tunnels will be brought down when their SAs expire and
> there's no immediate traffic to bring it back up. Tunnel creation is
> usually pretty quick (a second or two) so usually there's no issue with
> rebuilding it after a drop. I wonder if it would be possible in the future
> to add a "persistent" option that would cause each endpoint to ping the
> other across the tunnel at predefined intervals. Honestly, I don't know
> how useful that is, but it's something to ponder, I guess.

A persistent option would be very useful. I have a Watchguard SOHO at a 
remote site and it has an option to ping a specified address. I use this 
to ping a local address and hence keep the tunnel up.

Does anyone have any further tips for using Monowall/IPSEC with DHCP on 
the WAN? I have such a beast at home linked into my Watchguard Firebox 
at work. It works great, setup was a breeze, docs are great. Much 
easier than the SOHO.

Trouble is, every time my DHCP lease with my ISP expires, I lose the 
tunnel. Trying to reconnect from home doesn't re-establish the link and 
under Diagnostics/IPSEC I get multiple SAD/SPD entries. I tried this 
on v1.0 and v1.1b14 - same result.

The only way I get the link back is to reboot Monowall. I guess just 
restarting IPSEC would probably do it. Is there a way to restart the 
tunnel when the WAN address changes? Does this happen anyway?
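The two things raised in this thread, a keepalive ping across the tunnel and restarting IPsec when the WAN address changes, can be approximated from a periodic job on any BSD/Linux host that terminates the tunnel. The script below is an added example and is not m0n0wall code or a documented m0n0wall hook; the interface name `em0`, the state file path, the remote address `192.0.2.1` and the `IPSEC_RESTART_CMD` placeholder are assumptions you would replace for your own setup. It parses the interface's IPv4 address, remembers the last one seen, and only triggers the restart hook (and a keepalive ping) when the address actually changed, so a flapping lease does not cause repeated restarts.

```shell
#!/bin/sh
# Added example (not from the m0n0wall project): detect a WAN address change
# and run a restart hook, plus a keepalive ping across the tunnel.
# Assumed values: WAN_IF, STATE_FILE, REMOTE_LAN_HOST and IPSEC_RESTART_CMD
# are placeholders for your own environment.

WAN_IF="${WAN_IF:-em0}"
STATE_FILE="${STATE_FILE:-/tmp/wanwatch.last}"
REMOTE_LAN_HOST="${REMOTE_LAN_HOST:-192.0.2.1}"     # constructed example address
IPSEC_RESTART_CMD="${IPSEC_RESTART_CMD:-true}"        # placeholder: your restart action

# Read ifconfig(8)-style output on stdin and print the first IPv4 address.
parse_inet() {
  awk '$1 == "inet" { print $2; exit }'
}

# Current IPv4 address of the WAN interface (empty if none assigned).
wan_addr() {
  ifconfig "$1" 2>/dev/null | parse_inet
}

# True (exit 0) only when a non-empty new address differs from the old one.
# An empty "new" (lease lost, no address yet) must not trigger a restart.
addr_changed() {
  old="$1"
  new="$2"
  [ -n "$new" ] && [ "$old" != "$new" ]
}

# Keepalive: send one ping across the tunnel so the SA sees traffic.
# Returns ping's status; a failure here is logged but not fatal.
keepalive() {
  ping -c 1 -W 2 "$1" >/dev/null 2>&1 ||
    ping -c 1 "$1" >/dev/null 2>&1 ||
    { logger -t wanwatch "keepalive to $1 failed"; return 1; }
}

# One pass: compare the remembered address with the current one.
check_once() {
  cur=$(wan_addr "$WAN_IF")
  prev=$(cat "$STATE_FILE" 2>/dev/null || true)
  if addr_changed "$prev" "$cur"; then
    echo "$cur" > "$STATE_FILE"
    logger -t wanwatch "WAN address changed from '${prev:-none}' to $cur; restarting IPsec"
    $IPSEC_RESTART_CMD
  fi
  keepalive "$REMOTE_LAN_HOST" || true
}

# Run one pass only when invoked as a job (e.g. from cron every minute).
if [ "${WANWATCH_RUN:-0}" = 1 ]; then
  check_once
fi
```

Run it from cron as `WANWATCH_RUN=1 IPSEC_RESTART_CMD='...' /path/to/wanwatch.sh` once a minute; the `addr_changed` guard is what keeps a lease renewal that hands back the same address from bouncing the tunnel, while the keepalive ping keeps traffic flowing so an idle SA is less likely to expire unnoticed.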