I have 2 AWS regions I have connected using an OpenSWAN IPSec tunnel. This works great in our production environment, but in our test environment, where 1 of the regions has long periods of inactivity, the tunnel will go down and I have to SSH to the server and run sudo service network restart to get it running again.
I have seen it vaguely alluded to elsewhere that by design IPSec will do this, but I can't see any hard and fast rules in any of the .conf files that specify any kind of tunnel timeout.
Is this just a feature of IPSec? Can anyone point me to any OpenSWAN/IPSec documentation that explains this in depth, as I can't find anything conclusive?
Also, based on this, is it best practice to have a cron job constantly pinging through the tunnel to keep it perpetually up?
Many Thanks,