Oliver Joa wrote:
> i don't think it is so simple. i have a similar situation and a huge
> problem: i have a laptop with a wireless card in it, so when i start the
> tunnel everything works fine, but when i take it down and up again, for
> example after setting the laptop in suspend-mode, the tunnel will not
> get up again. i have figured out why: it is because the route to the
> laptop on the router is still there, over the ipsec-interface. so the
> laptop will initiate the tunnel, but the router sends the packets back
> over the ipsec-interface, which doesn't work, because the tunnel is
> down. i could solve this problem by installing a script which
> automatically removes the route.

I have the *exact* same problem. Basically, if for any reason the tunnel is
terminated on the laptop's side, ipsec has to be restarted on the other side.
I don't know if this is *normal*, but it certainly happens here too. :(

I have a cron script which pings my laptop from the workstation (other end
of the tunnel) every minute. If it gets no response it waits a few seconds and
tries again; it does this three times, and if there is still no response, it
restarts ipsec. This is by far less than ideal, but the best solution I could
come up with. This way I don't have to come upstairs and reset ipsec myself.

With you, if I try to restart the tunnel from this side (ipsec auto --up
wireless) it fails (although not sure exactly what the failure is right now,
I just recently got freeswan working again, new wireless drivers, old ones
tended to freeze up and freeswan became a pain with restarting the tunnel).

I'll post my config; the other config is exactly the same, with the
appropriate places changed to match the other side of the tunnel, etc.

config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        interfaces=%defaultroute
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug=none
        # Use auto= parameters in conn descriptions to control startup actions.
        plutoload=%search
        plutostart=%search
        # Close down old connection when new one using same ID shows up.
        uniqueids=yes

# defaults for subsequent connection descriptions
conn %default
        # How persistent to be in (re)keying negotiations (0 means very).
        keyingtries=0
        # RSA authentication with keys from DNS.
        authby=rsasig
        leftrsasigkey=%dns
        rightrsasigkey=%dns

conn wireless
        # Left security gateway, subnet behind it, next hop toward right.
        left=192.168.1.6
        leftsubnet=0.0.0.0/0
        #leftsubnet=192.168.1.0/24
        leftnexthop=
        # Right security gateway, subnet behind it, next hop toward left.
        right=192.168.1.9
        rightnexthop=
        # To authorize this connection, but not actually start it, at startup,
        # uncomment this.
        auto=add

-- 
Walter Francis
http://theblackmoor.net
Powered by Red Hat Linux 7.2
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:45 CEST
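
A sketch of the kind of cron watchdog described in the message above, added here as an example; it is not the poster's own script. The peer address default, the probe timeout, the wait time, the "run" argument and the use of "ipsec setup restart" as the recovery action are all assumptions.

```shell
#!/bin/sh
# Added example: tunnel watchdog intended to be run from cron once a minute,
# e.g.  * * * * * /usr/local/sbin/ipsec-watchdog.sh run   (path is hypothetical)

# Assumed defaults; the post does not say which address is the laptop.
PEER="${PEER:-192.168.1.9}"   # far end of the tunnel to probe
RETRIES="${RETRIES:-3}"       # probes before giving up ("three times")
WAIT="${WAIT:-5}"             # seconds between probes ("a few seconds")

# One reachability probe through the tunnel (Linux iputils ping options).
probe() {
    ping -c 1 -W 2 "$1" >/dev/null 2>&1
}

# Recovery action; assumed to be a full restart of the IPsec subsystem.
restart_tunnel() {
    ipsec setup restart
}

# Returns 0 if the peer answered within RETRIES probes.
# Returns 1 after triggering exactly one restart when every probe failed.
check_tunnel() {
    attempt=1
    while [ "$attempt" -le "$RETRIES" ]; do
        if probe "$PEER"; then
            return 0
        fi
        # Do not sleep after the final failed probe.
        if [ "$attempt" -lt "$RETRIES" ]; then
            sleep "$WAIT"
        fi
        attempt=$((attempt + 1))
    done
    # Leave an audit trail so unattended restarts show up in syslog.
    logger -t ipsec-watchdog \
        "no reply from $PEER after $RETRIES probes; restarting ipsec" \
        2>/dev/null || true
    restart_tunnel
    return 1
}

# Only act when explicitly asked to, so the file can be sourced safely.
if [ "${1:-}" = "run" ]; then
    check_tunnel
fi
```

Keep RETRIES x WAIT plus the ping timeouts well under the one-minute cron interval so runs never overlap and trigger back-to-back restarts.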