Right so in the previous article
I set up an IPSec VPN between Openswan and OpenBSD’s PF. The issue with it is
that any time the OpenBSD end restarted, the Openswan end had no idea this
occurred, and quit working with no notification of any sort. And just running
ipsec auto --down $conn; ipsec auto --up $conn didn’t work, it actually
created an additional flow and SAD on the OpenBSD side, and the tunnel
wouldn’t become active.
So I’m going old-school. I’m going to write a stupid hacky script to ping the
OpenBSD internal endpoint from the Openswan box, and when it goes unresponsive,
ipsec auto --replace $conn && ipsec auto --up $conn to bring the tunnel
See? Openswan sucks.
Feel free, by the way, to prove otherwise.