8298 questions

9759 answers

15542 comments

13863 members

0 votes
109 views 3 comments
by
Hi:

I am using the ping reboot function and have selected for the Interface 'Automatically Selected".

I am pinging an internal address that is inside the VPN, the idea being that if the tunnels are not up I want the router the restart.

I am not sure it its working as we have several sites that go off line and only come back when we send an SMS reboot.

So, my question is, will the "Automatically Selected" setting work for GRE tunnels inside IPSec tunnels?

The route is 192.168.0.0/16 -> dev SOI where SOI is the GRE tunnel. So if the GRE tunnel is down will the ping still get sent and timeout?

Like I said, its doesn't appear to be working at some sites.

Cheers,

John

1 Answer

0 votes
by
Hi,

It will automatically select the interface from which the ping will be coming, so if you've set a failover on those devices - automatic select will automatically use the available WAN connection.

But if you do not have failover on them - select "Ping from mobile" and it should work the same way.

Come back to me with your results!

EB.
by
Thanx for the infor EB.

Ok, so.....

I have this weird condition where the IPSec tunnel comes up on the Cisco AND the RUT950 but I cannot ping.

The GRE tunnul "appears" up but no pings......

When the SA is ~12 minutes old on the Cisco the RUT950 disappeared and showed up again working fine after about 90 seconds so I take this to mean the ping reboot worked.

Great.

Now, in the UI the minimum I can set the ping interval is 5 minutes which I am assuming is the "option time '5'" entry in the /etc/config/ping_reboot file.

What would happen if I set it to "option time 3", would that override the UI and put the interval at 3 minutes rather than 5?

Cheers,

john
by
That's really weird, have you made sure you're running the latest firmware version to avoid issues that were maybe already fixed?

In any case, ping reboot should detect if the ping is responsive to any direction, so even if the status says false - ping reboot should still work.

And yes, you can overwrite the value through uci or configuration file, WebUI value will be ignored.

EB.
by

Hi All:

This problem persists with FW ver.: RUT9XX_R_00.06.07.4.

We have installed the following extra packages on the router:

ip-full

openssh-sftp-server

ip-full is required to get a tap interface. Since my GRE setup is a bit "old" I can't use the menuing system but run everything from the rc.local file, here is what it looks like:

# Put your custom commands here that should be executed once

# the system init finished. By default this file does nothing.

ip tuntap add name tap0 mode tap

ip addr flush dev tap0

ip addr add 2.2.3.4/32 brd + dev tap0

ip tunnel add SOI mode gre remote 1.1.1.10 local 2.2.3.4 ttl 255

ip link set SOI mtu 1400

ip link set SOI up

ip addr add 192.168.194.13/30 peer 192.168.194.14 brd + dev SOI

sleep 5

/etc/init.d/ipsec restart

sleep 10

ip route add 192.168.0.0/16 dev SOI

exit 0

Now, here is the problem:

At some sites, the Cisco shows the router is connected. I can see the SA using the sh crypto session br command and its there.

But I cannot ping.

My guy at the side teamviewers in and the RUT950 shows ipsec status that the tunnel is. It also shows the GRE tunnel is up.

The Cisco shows the GRE tunnel is down.

Now this is fine because I have the pin_reboot script set to ping an address INSIDE the VPN so if I cannot ping I can just wait 4 minutes and the router will reboot.....but it doesn't. It just sits there, it does not reboot.

To fix this we need to send an SMS reboot command.

So, question: Why does the ping_reboot sometimes not work?

Cheers,

John