public inbox for gentoo-user@lists.gentoo.org
From: thegeezer <thegeezer@thegeezer.net>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] GRE link state detection
Date: Mon, 09 Sep 2013 11:12:47 +0100	[thread overview]
Message-ID: <522D9F1F.3070202@thegeezer.net> (raw)
In-Reply-To: <201309071923.39255.michaelkintzios@gmail.com>

Asking the same question on the bird mailing list, I was recommended some
values to make bird down the GRE tunnels faster.
Multiple tunnels are required due to the very unreliable internet, so
one tunnel goes over one DSL link, another goes over another.
DPD timeouts are 30 seconds minimum, which is too long.
I'll keep you posted if the bird recommendations work better.


On 09/07/2013 07:23 PM, Mick wrote:
> On Thursday 05 Sep 2013 15:49:55 thegeezer wrote:
>> Howdy all,
>> I was wondering if anyone has any idea if there is a means by which I
>> can detect GRE link state?
>>
>> What I have is two sites, each with two very unstable internet links.
>> In order to VPN between them I have IPsec tunnels linking each side
>> twice (four IPsec tunnels in total).
> I am not sure why you need 4 tunnels, you could just use 1 tunnel as a gateway 
> to gateway setup, but I assume that your particular network topology satisfies 
> your requirements.
>
>
>> I then have 4x GRE tunnels over the top of those, in order that I have a
>> secured routable VPN.
>> This gives me net.vpn0, net.vpn1, net.vpn2 and net.vpn3.
>> Finally I run BIRD over the top, which works very well, synchronises
>> routing tables between the two sites, and allows me to do such fun as
>> # /etc/init.d/net.vpn0 stop
>> and watch all traffic automagically cut over to another link.
>>
>> so far so awesome.
>>
>> However, as I said, the internet links are very unstable, and sometimes
>> just blackhole. So what I was hoping to do is just enable keepalives on
>> the GRE tunnel, which sadly seems to be Cisco only.
> I'm no Cisco expert, but I thought that the keepalives are disabled when you 
> use IPSec, because IPSec had Dead Peer Detection for this purpose?
>
>
>> Can anyone suggest a way of detecting if the GRE is not fully connected?
>> BIRD only fails over if the net.vpn0 device is down (ifconfig up/down),
>> and for the life of me I cannot find how to detect if a GRE tunnel is
>> 'connected'; it seems to just blindly send packets to the remote IP.
>> Is my only choice to use L2TP instead?
> Set your IKE lifetime to something like 86400 sec and your SA lifetime at 
> something like 3600, with dpd enabled and it should (hopefully) work.  L2TP is 
> not needed.
>

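One way to get the keepalive the thread is asking for, as an added example that is not from the thread, from Gentoo or from BIRD: a small POSIX sh watchdog that pings the far end's inner address through each GRE interface and administratively downs the interface after a few consecutive misses, which is the same event (interface down) that the original post says makes BIRD cut traffic over. The interface name vpn0, the remote inner address 10.0.0.2, the thresholds and the intervals are assumptions for illustration; the decision logic is kept in a pure function so it can be exercised without a tunnel.

```shell
#!/bin/sh
# gre-watch.sh: poor-man's GRE keepalive for a Linux/BIRD setup.
# Added example, not from the thread. Assumed names: GRE interface vpn0,
# remote inner address 10.0.0.2 (change to match your net.vpnN); the
# thresholds and intervals below are arbitrary starting points.

FAIL_THRESHOLD=3    # consecutive lost probes before the link is taken down
OK_THRESHOLD=2      # consecutive good probes before it is allowed back up
PROBE_INTERVAL=2    # seconds between probes while the link is up
RETEST_INTERVAL=30  # seconds between retests while the link is held down

# Send one ICMP echo out of a specific interface; about 3 s worst case.
probe() { # probe IFACE REMOTE_INNER_IP
    ping -c 1 -W 2 -I "$1" "$2" >/dev/null 2>&1
}

# Hysteresis state machine over the globals state (up|down), fails, oks.
# decide ok|fail   -> sets action to none|stop|start.
decide() {
    action=none
    if [ "$1" = ok ]; then
        fails=0; oks=$((oks + 1))
        if [ "$state" = down ] && [ "$oks" -ge "$OK_THRESHOLD" ]; then
            state=up; action=start
        fi
    else
        oks=0; fails=$((fails + 1))
        if [ "$state" = up ] && [ "$fails" -ge "$FAIL_THRESHOLD" ]; then
            state=down; action=stop
        fi
    fi
}

# Replay a sequence of probe results offline; prints "<final state>:<actions>".
run_sequence() { # run_sequence INITIAL_STATE RESULT...
    state=$1; shift
    fails=0; oks=0; actions=""
    for r in "$@"; do
        decide "$r"
        [ "$action" = none ] || actions="$actions $action"
    done
    printf '%s:%s\n' "$state" "${actions# }"
}

# Main loop: down the tunnel interface when the far side stops answering so
# that BIRD withdraws the routes over it, and retest periodically to recover.
watch_link() { # watch_link IFACE REMOTE_INNER_IP
    link=$1 remote=$2
    state=up; fails=0; oks=0
    while :; do
        # A held-down interface cannot carry the probe, so raise it first;
        # it goes straight back down below if the probe still fails.
        [ "$state" = down ] && ip link set "$link" up
        if probe "$link" "$remote"; then decide ok; else decide fail; fi
        case $action in
            stop)  logger -t gre-watch "$link: $FAIL_THRESHOLD probes lost, downing link" ;;
            start) logger -t gre-watch "$link: remote answering again, link stays up" ;;
        esac
        if [ "$state" = down ] && [ "$fails" -gt 0 ]; then
            ip link set "$link" down
            sleep "$RETEST_INTERVAL"
        else
            sleep "$PROBE_INTERVAL"
        fi
    done
}

# Run the watchdog only when executed with two arguments (e.g. under
# start-stop-daemon), so the file can also be sourced for its functions.
if [ $# -eq 2 ]; then
    watch_link "$1" "$2"
fi
```

Run one instance per tunnel (`gre-watch.sh vpn0 10.0.0.2`, and likewise for vpn1..3 with their own inner addresses). With the values above a blackholed link is downed roughly 6 to 9 seconds after it dies, well under the 30-second DPD floor mentioned in the reply. The check only proves what it tests: the far end must answer ICMP on its tunnel address, and a link that passes pings but drops larger packets will still look healthy. While a link is held down the interface is raised once per retest interval, so BIRD will see a brief up/down pair each time; keep the retest interval comfortably longer than the routing protocol's hello timer so no adjacency forms on a dead link. BFD, which later BIRD releases support, is the standard way to do this kind of fast liveness check; the script is the same idea done with ping.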


Thread overview: 4+ messages
2013-09-05 14:49 [gentoo-user] GRE link state detection thegeezer
2013-09-07 18:23 ` Mick
2013-09-09 10:12   ` thegeezer [this message]
2013-09-09 18:39     ` Mick