On Thu, 02 Apr 2020 13:16:13 +0000 Martin <[email protected]> wrote:
> Remote VPS hoster reset connections after some amount of data has been
> transferred to/from remote VPS.
>
> May I adjust OpenIKED renegotiation timeout down to 1-2s in some way?
> Currently it takes ~3-4m to reconnect.
> Right after each 'connection reset' issued by VPS hoster I can restart iked
> manually by "rcctl restart iked" and iked renegotiate the link immediately
> after it.
>
> The question is how to automate it to have minimal connection loss?
>
> Martin

Hi Martin,

maybe that is not exactly what you asked but I used to fight with that problem:
http://openbsd-archive.7691.n7.nabble.com/OpenIKED-Network-traffic-over-VPN-site-to-site-tunnel-stalls-few-times-a-day-td372267.html

I used ping to monitor the other site of VPN:

#!/bin/sh
# 10.0.17.254 - local LAN gateway
# 172.16.1.254 - remote LAN gateway
while true
do
    # packets received through the tunnel (LAN gateway to LAN gateway)
    vpn=`ping -c 3 -w 1 -I 10.0.17.254 172.16.1.254 | grep packets | awk -F " " '{print $4}'`
    # treat missing ping output as 0 packets received
    if [ "${vpn:-0}" -eq 0 ] ; then
        # packets received from the peer's WAN address and from the Internet
        mon=`ping -c 3 -w 1 the_other_side_WAN_IP | grep packets | awk -F " " '{print $4}'`
        wan=`ping -c 3 -w 1 8.8.8.8 | grep packets | awk -F " " '{print $4}'`
        # restart only when the tunnel is down but both ends are reachable
        if [ "${mon}" -gt 0 ] && [ "${wan}" -gt 0 ] ; then
            echo vpn: ${vpn}, mon: ${mon}, wan: ${wan} | mail -s "no ping through VPN RACTEST-MON! restarting iked!" [email protected]
            rcctl restart iked
        fi
    fi
    sleep 32
done

You can trim the sleep time as you need but remember to give some time to restart/renegotiation/resync...

I hope it helps.

-- 
Radek
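The restart decision from the script above, separated from the ping and rcctl calls so it can be checked offline, with a restart cooldown added. This is an added example, not part of Radek's message; the function names `received` and `decide`, the 60-second default cooldown and the sample ping summaries are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: watchdog decision logic only; no ping or rcctl is run here.
# All sample ping summaries below are constructed.

SAMPLE_UP='--- 172.16.1.254 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss'
SAMPLE_DOWN='--- 172.16.1.254 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss'
SAMPLE_NONE=''   # ping exited without printing a summary line

# received: read ping output on stdin, print the received-packet count.
# Prints 0 when no summary line is present, so callers always get an integer.
received() {
    awk '/packets transmitted/ { n = $4 } END { print n + 0 }'
}

# decide VPN PEER WAN NOW LAST [COOLDOWN]
#   VPN/PEER/WAN: received counts through the tunnel, from the peer's WAN
#   address, and from an Internet host. NOW/LAST: epoch seconds of this
#   check and of the previous restart (hypothetical bookkeeping).
decide() {
    vpn=$1 peer=$2 wan=$3 now=$4 last=$5 cooldown=${6:-60}
    if [ "$vpn" -gt 0 ]; then
        echo ok; return
    fi
    # Tunnel is down: restarting iked cannot help if the uplink or peer is down.
    if [ "$peer" -eq 0 ] || [ "$wan" -eq 0 ]; then
        echo skip-upstream-down; return
    fi
    # Leave time for renegotiation before restarting again.
    if [ $((now - last)) -lt "$cooldown" ]; then
        echo skip-cooldown; return
    fi
    echo restart
}

# Demo over the constructed samples: peer and WAN reachable, last restart 100 s ago.
for s in "$SAMPLE_UP" "$SAMPLE_DOWN" "$SAMPLE_NONE"; do
    n=$(printf '%s\n' "$s" | received)
    echo "vpn received=$n -> $(decide "$n" 3 3 1000 900)"
done
```

In a live loop the counts would come from piping each ping command into `received`, and NOW from `date +%s`.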

