Hi All:
This problem persists with FW ver.: RUT9XX_R_00.06.07.4.
We have installed the following extra packages on the router:
ip-full
openssh-sftp-server
ip-full is required to get a tap interface. Since my GRE setup is a bit "old" I can't use the menuing system but run everything from the rc.local file. Here is what it looks like:
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
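# Create a tap interface to hold the local GRE endpoint address
ip tuntap add name tap0 mode tap
ip addr flush dev tap0
ip addr add 2.2.3.4/32 brd + dev tap0
# Build the GRE tunnel to the remote peer and bring it up
ip tunnel add SOI mode gre remote 1.1.1.10 local 2.2.3.4 ttl 255
ip link set SOI mtu 1400
ip link set SOI up
ip addr add 192.168.194.13/30 peer 192.168.194.14 brd + dev SOI
# Restart IPsec once the interfaces exist, then wait before adding the route
sleep 5
/etc/init.d/ipsec restart
sleep 10
# Send the 192.168.0.0/16 range through the GRE tunnel
ip route add 192.168.0.0/16 dev SOI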
exit 0
Now, here is the problem:
At some sites, the Cisco shows the router is connected. I can see the SA using the sh crypto session br command and it's there.
But I cannot ping.
My guy at the site teamviewers in and the RUT950 shows ipsec status that the tunnel is. It also shows the GRE tunnel is up.
The Cisco shows the GRE tunnel is down.
Now this is fine because I have the ping_reboot script set to ping an address INSIDE the VPN so if I cannot ping I can just wait 4 minutes and the router will reboot.....but it doesn't. It just sits there, it does not reboot.
To fix this we need to send an SMS reboot command.
So, question: Why does the ping_reboot sometimes not work?
Cheers,
John