Schedules for IPSec tunnels
-
Hi,
we have configured a new IPSec Tunnel to Amazon AWS VPC.
Amazon charges $0.05 per VPN Connection-Hour... we really do not need the tunnel 24/7 ;-)To save money the idea is to stop and start the tunnel with a crontable entry.
My question: how can I start/stop or enable/disable a particular IPSec tunnel on the command line?
-
i know that you can start / stop ipsec services with
pfSsh.php playback svc stop ipsec pfSsh.php playback svc start ipsecbut i don't know for a specific tunnel if it's possible
-
many thx kiokoman this solution is working as cron entries ;-)
Unfortunately I have other vpn tunnels which must be up, so I cannot use it.
-
@sepp_huber
Hey
Perhaps this will helphttps://wiki.strongswan.org/projects/strongswan/wiki/IpsecCommand
ipsec up <name> tells the IKE daemon to start up connection <name>. Implemented by calling the ipsec stroke up <name> command. ipsec down <name> tells the IKE daemon to terminate connection <name>. Implemented by calling the ipsec stroke down <name> command.For example ,
ipsec down con2000
-
@Konstanti many thx .. that's it
btw. the connection name is displayed in the first column in the IPSec-Status Page table:
"con1000: #4" => con1000 -
@sepp_huber Amazon will bill you whether the tunnel is up or down. You have to completely disable it on the AWS side to stop the billing.
-
Nice try :-(
@Derelict : thx for the hint.
Off-Topic:
There is no feature to disable it, it must be deleted to stop billing ... and if you create it again you get a new configuration, not very cost efficient...https://forums.aws.amazon.com/thread.jspa?threadID=83161
-
@sepp_huber said in Schedules for IPSec tunnels:
There is no feature to disable it, it must be deleted to stop billing ... and if you create it again you get a new configuration, not very cost efficient...
That's why many people put pfSense in AWS and IPsec to that.
