Netwatch to flush ipsec installed-sa

ipdruide · Wed Nov 08, 2006 5:09 pm

Hi,

As many are aware of ipsec tunnels suffer from the need to manually flush installed-sa from now and then. I tried to use Netwatch to start a one line script to do the flush. Unfortunately netwatch doesn't ping from a prefered source address, making it unusable to test a remote tunnel address.
Did anyone find or think of a workaround ?

Kindest regards

ipdruide · Sat Nov 11, 2006 4:50 pm

Any idea anyone on how to netwatch vpns ?
Thanks.

ipdruide · Mon Nov 13, 2006 12:04 pm

Greeting !
Anyone there ? Is this a dummy question ?
Thanks to any comment.

cmit · Mon Nov 13, 2006 5:04 pm

Not a dummy question

...

I don't have a solution at hand, too.
Perhaps you could do something with policy routing to force out your netwatch pings with a specific source address?

Best regards,
Christian Meis

ipdruide · Tue Nov 14, 2006 11:55 am

Thank you cmit. I was in trouble with my self-confidence

Moreover I did get it running with policy routing rule.
I owe you kudos today.

Many many thanks.

cmit · Tue Nov 14, 2006 12:50 pm

Good to hear your self-confidence is restored

...

Best regards,
Christian Meis

Netwatch to flush ipsec installed-sa

Netwatch to flush ipsec installed-sa

how to netwatch vpns ?

Silly question ?

it works with policy routing

Who is online