Re: simple routing protocol for VPN redundancy?

Linux Advanced Routing and Traffic Control

Simon Chang wrote:
> 
> Hello all,
> 
> I need a very simple routing protocol for VPN redundancy.
> 
> We have several sites and each site has a Linux router and two IPCops each
> with an ADSL connection to the internet using different ISPs.
> 
> I have configured VPNs between all of the sites for each IPCop on ispA and
> the same for the IPCops on ispB. This way, if one of the ISPs fails, I change
> the route on the router and my VPNs continue to function over the other
> ISP.
> 
> This is a very simple safety but it works well and it's pretty cheap. But I'm
> getting sick of changing the routes by hand and wonder if there is any way
> of automating the failover.
> 
> What I was thinking of is maybe a script/utility that I could configure to
> ping a host on a remote lan and if I started to lose too many packets or it
> got too slow or failed it would change the route automatically.
> 
> Has anyone ever written a script or know of a utility that can do that?
> 
> Cheers Simon.

I know nothing of VPNs, but I can tell you that Julian Anastasov has
written patches for the Linux kernel called Dead Gateway Detection. 
Maybe that will do what you want.
http://www.ssi.bg/~ja/
http://www.ssi.bg/~ja/dgd.txt
http://www.ssi.bg/~ja/dgd-usage.txt
http://www.ssi.bg/~ja/nano.txt

You can have a look at what I'm running at work at:
http://andthatsjazz.org:8/lartc/rc.nano1
and there are examples and links here:
http://andthatsjazz.org:8/lartc/index.html

Although I've only caught it happening once, when the ISP on eth2 went
down that outage was not even noticed by users.

I used to have 3 (very flakey) connections here at home, and I wrote a
script that had a Linux box at work ping each one.  When there were too
many unanswered pings, a message was sent (to a working IP) saying which
one was down.  If the connection was restored, a different flag was
sent.  At home, I monitored a special directory for a flag file and
changed the routing to stop trying the bad connection (or to use a
revived one) depending on what flag file was there.

The scripts were pretty trivial to write, and they worked (often!).
--
gypsy
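
The ping-and-switch failover discussed in this thread, as an added example that is not from either poster's scripts. The addresses, thresholds and function names are constructed placeholders, and it assumes each IPCop path can be probed independently through a host route pinned to that gateway.

```shell
#!/bin/sh
# Constructed placeholder values (documentation address ranges), not from the thread.
REMOTE_NET=192.0.2.0/24      # remote LAN reached over the VPN
GW_A=198.51.100.1            # local IPCop on ispA
GW_B=198.51.100.2            # local IPCop on ispB
PROBE_A=192.0.2.10           # remote host probed only via GW_A
PROBE_B=192.0.2.11           # remote host probed only via GW_B
COUNT=5 MAX_LOSS=40 INTERVAL=30

# Read ping output on stdin; print integer loss percent (100 if no summary line).
parse_loss() {
    awk '/packet loss/ { for (i = 1; i <= NF; i++) if ($i ~ /%$/) {
             sub(/%/, "", $i); printf "%d\n", $i; found = 1; exit } }
         END { if (!found) print 100 }'
}

# pick_gateway CURRENT LOSS_A LOSS_B MAX_LOSS -> prints "A" or "B".
# Switch only when the active path is bad AND the other path is good,
# so a total outage does not make the route flap between two dead links.
pick_gateway() {
    cur=$1; la=$2; lb=$3; max=$4
    if [ "$cur" = A ]; then cur_loss=$la; alt=B; alt_loss=$lb
    else cur_loss=$lb; alt=A; alt_loss=$la; fi
    if [ "$cur_loss" -gt "$max" ] && [ "$alt_loss" -le "$max" ]; then
        echo "$alt"
    else
        echo "$cur"
    fi
}

monitor() {
    active=A
    # Host routes are more specific than REMOTE_NET, so each probe stays on its own path.
    ip route replace "$PROBE_A" via "$GW_A"
    ip route replace "$PROBE_B" via "$GW_B"
    ip route replace "$REMOTE_NET" via "$GW_A"
    while :; do
        la=$(ping -c "$COUNT" -W 2 "$PROBE_A" 2>/dev/null | parse_loss)
        lb=$(ping -c "$COUNT" -W 2 "$PROBE_B" 2>/dev/null | parse_loss)
        next=$(pick_gateway "$active" "$la" "$lb" "$MAX_LOSS")
        if [ "$next" != "$active" ]; then
            [ "$next" = A ] && gw=$GW_A || gw=$GW_B
            ip route replace "$REMOTE_NET" via "$gw" && active=$next
            # Log every switch so repeated failovers show up in syslog.
            logger -t vpn-failover "route $REMOTE_NET -> $next ($gw); loss A=${la}% B=${lb}%"
        fi
        sleep "$INTERVAL"
    done
}

if [ "${1:-}" = "--run" ]; then monitor; fi
```

Run it as root with `--run`; without that argument the file only defines the functions and changes no routes.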