I-MO 520 Series Product Installation Manual - page 39
INSTALLATION MANUAL FOR THE EMS I-MO 540 SERIES APPLIANCE
Version 1.2
ELECTRONIC MEDIA SERVICES LIMITED
PASSFIELD BUSINESS CENTRE, LYNCHBOROUGH ROAD, LIPHOOK, HAMPSHIRE, GU30 7SB, UK
Tel: 01428 751655 | Fax: 01428 751654 | E-mail: imo@ems-uk.com
Page 39 of 58
sharedkey="imovpnsharedsecret"
# Do not autonegotiate the connection; only accept the options set
phase1_combined_encrypt_hashing_dhmode_is_auto="no"
# Set the phase 1 encryption to 3des. Available options are 3des or aes
phase1encrypt="3des"
# Set the phase 1 hash to md5. Available options are md5 or sha1
phase1hashing="md5"
# Set the Diffie Hellman Group
phase1dhmode="modp1024"
# Lifetime in seconds
phase1lifetime_is_auto="no"
phase1lifetime="28800"
phase2_combined_encrypt_hashing_is_auto="yes"
phase2encrypt="3des"
phase2hashing="md5"
phase2pfs="no"
phase2lifetime_is_auto="no"
phase2lifetime="3600"
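An audit check for the VPN settings listed above, as an added example that is not part of the EMS manual or the appliance firmware. It parses the key="value" format and reports the 3des, md5, modp1024 and PFS-off choices, plus a shared key left at the manual's sample value. Classing those values as weak is this example's judgement, and treating an _is_auto="yes" flag as leaving the explicit values unenforced is an assumption drawn from the comment in the listing.

```python
import re

# Constructed sample: the VPN settings shown above, copied as an inline string.
SAMPLE = '''
sharedkey="imovpnsharedsecret"
phase1_combined_encrypt_hashing_dhmode_is_auto="no"
phase1encrypt="3des"
phase1hashing="md5"
phase1dhmode="modp1024"
phase2_combined_encrypt_hashing_is_auto="yes"
phase2encrypt="3des"
phase2hashing="md5"
phase2pfs="no"
'''

WEAK = {"encrypt": {"3des"}, "hashing": {"md5"}, "dhmode": {"modp1024"}}
AUTO_FLAG = {"phase1": "phase1_combined_encrypt_hashing_dhmode_is_auto",
             "phase2": "phase2_combined_encrypt_hashing_is_auto"}
LINE = re.compile(r'^\s*([A-Za-z0-9_]+)\s*=\s*"([^"]*)"')

def parse(text):
    """Return {key: value} from key="value" lines; '#' comment lines are skipped."""
    return {m.group(1): m.group(2) for m in map(LINE.match, text.splitlines()) if m}

def audit(text, sample_key="imovpnsharedsecret"):
    cfg, findings = parse(text), []
    if cfg.get("sharedkey") == sample_key:
        findings.append("sharedkey: still the manual's sample value")
    for phase, flag in AUTO_FLAG.items():
        if cfg.get(flag) == "yes":
            # Assumption: with auto negotiation on, the explicit values are not enforced.
            findings.append(f"{phase}: proposals autonegotiated, explicit values not enforced")
            continue
        for suffix, weak in WEAK.items():
            value = cfg.get(phase + suffix)
            if value in weak:
                findings.append(f"{phase}{suffix}: weak value {value}")
    if cfg.get("phase2pfs") == "no":
        findings.append("phase2pfs: perfect forward secrecy disabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run it against the appliance's exported configuration before deployment; an empty list means none of the checked settings matched.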
The [failover] section configures the failover from a primary to secondary or backup link. The router updates
the internal tables every "refresh" seconds and if the active link is down for "period" seconds then it will be
marked as unavailable.
A failover link can be a physical interface (e.g. eth0) or a tunnel (e.g. imo).
When an interface becomes active the “networks” option is used to update the routing table. This option is
either a CIDR (e.g. 192.168.0.1/24) or the value “default”, which means any traffic that does not match
another routing rule will be sent over this link.
In the following example eth1 is defined as the primary link. The interface is checked every 5 seconds and if
eth1 is reported as down for 15 seconds the default route is switched to eth2.
[failover]
enabled="yes"
routerrefresh="5"
routerperiod="15"
networks="default" # (or a space separated list of CIDR)
tunnel="failovertunnel"
link0device="eth1"
link1device="eth2"
The values for “refresh” and “period” should be carefully considered. If the link has high latency or packet loss
then setting these values too low may cause the router to wrongly mark the link as down and start the
failover process.
A heavily utilised or saturated link may cause packet loss or very high latency; if the “period” is set too low
then the router may wrongly mark the link as down. Once the failover has occurred the primary link will
become responsive again and it will be restored, which may lead to “flapping”.
For cellular based connections that suffer more packet loss than wired circuits the refresh should be 10
seconds and the period 40 to 60 seconds.