From: Tom Rymes
To: development@lists.ipfire.org
Subject: Re: [PATCH 1/2] ipsec: Add script to ensure VPNs are always on
Date: Wed, 05 Feb 2020 12:36:14 -0500
Message-ID: <8cdb5ccc-5e67-5268-8a89-a46b069a4d8f@rymes.com>
In-Reply-To: <36D59040-B7E1-4713-816F-40A2EF440D7A@ipfire.org>

On 02/05/2020 12:22 PM, Michael Tremer wrote:
> Hi,
>
>> On 5 Feb 2020, at 17:19, Tom Rymes wrote:

[snip]

>> OK, I see what you mean. May I suggest that we eliminate the distinction between "Always-On" and "On Demand" and just retain the time limit for inactivity? Tunnels set to have a limited time before being shut down to inactivity shouldn't be brought back up by the script and those that do not should be.
>
> That would still change one more thing. We would then decide to always keep all tunnels up. I am not sure if that has any disadvantages for anyone really. But we would definitely have to drop the timeout, too, because otherwise the tunnel will be brought down and the script will bring it back up again shortly after.

Sorry for being unclear. There are currently eight options for "Inactivity Timeout", including "Unlimited". I would propose that the script you are adding should only bring back up tunnels whose Inactivity Timeout is set to "Unlimited". A tunnel with a timeout of one hour would time out, go down, and then the script should ignore it.

Does that make sense?

Tom