Re: Preventing a Network Service from becoming Primary
- Subject: Re: Preventing a Network Service from becoming Primary
- From: Ben Low <email@hidden>
- Date: Wed, 1 Nov 2006 22:40:03 +1100
G'Day Allan,
On 01/11/2006, at 10:13 PM, Allan Nathanson wrote:
> How does the tunnel function without an underlying network? If the
> tunnel drops when its own transport is no longer available then
> you no longer have a problem.
Oh, I neglected to note I'm using the UDP transport mode - the
openvpn peers only know they're incommunicado via an inactivity
timeout, which for efficiency/reliability tradeoff reasons shouldn't
be less than 60-90s. Also, it's a valid openvpn config to not worry
about a timeout at all.
My goal here is to have my openvpn tunnel up at all times, no matter
where or how I'm physically connected. When my openvpn tunnel drops
through a timeout, it periodically tries to re-establish the
connection. This way I don't have to ever worry about connecting - as
long as there's a path, I'm always connected. And with local DNS
(SupplementalMatchDomains), it's like I never leave home!
I kick this off via a launchd task, and it all works very well
excepting the 90-odd seconds of 100% CPU I get every time I lose real
connectivity before openvpn realises the server's gone and drops the
tunnel.
Switching to TCP transport mode is not an option (friends don't let
friends do TCP-over-TCP). Doesn't this same issue arise with IPSec
tunnels?
Thanks,
Ben
--
Ben Low
email@hidden
There is far too much law for those who can afford it and far too
little for those who cannot.