08-07-2020 05:46 AM
@nikoo wrote: Basically, what are your options to detect the IPSec tunnel peer down condition and act as soon as possible, meaning, tear down the tunnel and start re-negotiation.
Scripting and the API.
The best way that I've found to deal with something like this is having something on each end (can be as dumb as a raspberry pi) which is simply performing a basic ICMP check via a scheduled script. If the script notices a tunnel is down, then it goes out and clears the connection and starts a test to bring things back online and make it functional in the shortest timeframe possible.
The benefit of this type of solution is that the ICMP check itself in a lot of cases will cause enough traffic to keep all of the tunnels online barring an actual connectivity issue.
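
The scheduled ICMP check described in the reply above, as an added example that is not part of the original post. The peer address, state file, failure threshold and `RESET_CMD` are assumptions; `RESET_CMD` is a placeholder for whatever API call your firewall uses to clear the tunnel, and the `ping` flags are those of Linux iputils.

```shell
#!/bin/sh
# Tunnel watchdog for cron, e.g.:  * * * * * /usr/local/bin/tunnel_watchdog.sh --run
# Added example; every name and value below is an assumption, not from the post.
PEER_IP="${PEER_IP:-192.0.2.10}"      # constructed: host reachable only through the tunnel
THRESHOLD="${THRESHOLD:-3}"           # consecutive failed checks before acting
STATE_FILE="${STATE_FILE:-/tmp/tunnel_watchdog.count}"
PROBE_CMD="${PROBE_CMD:-ping -c 3 -W 2 $PEER_IP}"   # Linux iputils flags
# Placeholder: replace with the script that calls your firewall's API to
# clear the tunnel and trigger re-negotiation.
RESET_CMD="${RESET_CMD:-echo PLACEHOLDER-clear-tunnel-via-firewall-API}"

# next_state PREV_FAILURES PROBE_STATUS LIMIT -> prints "NEW_FAILURES ACTION"
# A success clears the counter. The counter also restarts after a reset, so
# the tunnel gets LIMIT more intervals to come up before it is cleared again.
next_state() {
    if [ "$2" -eq 0 ]; then
        echo "0 none"
    elif [ $(( $1 + 1 )) -ge "$3" ]; then
        echo "0 reset"
    else
        echo "$(( $1 + 1 )) none"
    fi
}

# run_check: one probe, update the counter, reset if needed; prints the action.
run_check() {
    prev=$(cat "$STATE_FILE" 2>/dev/null || echo 0)
    case "$prev" in ''|*[!0-9]*) prev=0 ;; esac    # ignore a corrupt state file
    if $PROBE_CMD >/dev/null 2>&1; then status=0; else status=1; fi
    result=$(next_state "$prev" "$status" "$THRESHOLD")
    echo "${result% *}" > "$STATE_FILE"
    action=${result#* }
    if [ "$action" = "reset" ]; then
        echo "tunnel check failed $THRESHOLD times, clearing tunnel" >&2
        $RESET_CMD >&2 || echo "reset command failed" >&2
    fi
    echo "$action"
}

if [ "${1:-}" = "--run" ]; then
    run_check >/dev/null
fi
```

Requiring several consecutive failures keeps a single dropped ping from tearing down a healthy tunnel.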