Automated recovery of Tunnels

  • I am sure I missed this somewhere, but I have had a couple of instances where I lost power and the router recovered well.  However, I had to manually go in and reestablish the tunnels.  Can this be automated?


  • 2.0 is much better about re-establishing an IPsec tunnel.  also, OpenVPN site-to-site seems to be bullet proof in just about every way.


  • I am on 2.0, now the newest RC candidate.  After a WAN failure I have to manually re-establish each tunnel.  I thought maybe that I had just missed a config option somewhere.  But it sounds like this is expected on IPSEC?


  • if you have traffic trying to go out the tunnel, the links should re-establish.  do you have pfs 2.0 on both ends?


  • Thanks Roy,

    That is about a simple answer I have had to any issue.  When I would look at IPSEC status and see the connection dropped and the "connect VPN" icon next to it, I thought I had to manually intervene.  Two of my VPN connections are to training rooms that aren't always active.  I tried it out and you were correct.

    Thanks for setting my mind at ease.


  • Rebel Alliance Developer Netgate

    If you specify a keep-alive IP that's in the remote subnet (inside the remote phase 2 network), it will bring up the tunnels automatically every time.

    The connect button just sends a ping on the tunnel, nothing fancy.

Log in to reply