Marlon Dutra
2007-12-06 18:52:28 UTC
Hello,
I've set up a GRE tunnel between two Linux boxes and it's working well,
with or without IPSEC (under GRE). The problem is that when I have no
traffic for some minutes, side A cannot communicate to side B any more,
unless side B tries to communidate to side A. The same thing happens in
the other direction.
For example, side A pings side B. No reply. Keep pinging.
Side B pings side A. Reply ok. Side A starts getting reply from side B
too.
It's like the kernel suspends the tunnel for inactivity.
That happens even in a non NAT environment. NAT isn't a problem because
I'm using NAT-T in those environments, and NAT-T itself has a keep alive
method that prevents the NAT routers to drop the mapping.
Is there a "keep alive method" for GRE tunnels. I know that if I keep a
ping once a minute, that would fix the problem, but I'm looking for
something that isn't a band aid.
Thanks.
I've set up a GRE tunnel between two Linux boxes and it's working well,
with or without IPSEC (under GRE). The problem is that when I have no
traffic for some minutes, side A cannot communicate to side B any more,
unless side B tries to communidate to side A. The same thing happens in
the other direction.
For example, side A pings side B. No reply. Keep pinging.
Side B pings side A. Reply ok. Side A starts getting reply from side B
too.
It's like the kernel suspends the tunnel for inactivity.
That happens even in a non NAT environment. NAT isn't a problem because
I'm using NAT-T in those environments, and NAT-T itself has a keep alive
method that prevents the NAT routers to drop the mapping.
Is there a "keep alive method" for GRE tunnels. I know that if I keep a
ping once a minute, that would fix the problem, but I'm looking for
something that isn't a band aid.
Thanks.
--
MARLON DUTRA
Propus
GnuPG ID: 0x3E2060AC pgp.mit.edu
http://www.propus.com.br/
http://hackers.propus.com.br/~marlon/
MARLON DUTRA
Propus
GnuPG ID: 0x3E2060AC pgp.mit.edu
http://www.propus.com.br/
http://hackers.propus.com.br/~marlon/