
Re: [Users] Wireless vpn??

From: Oliver Joa (ojoa_at_gmx.net)
Date: Wed Mar 20 2002 - 09:44:55 CET


On Wed, 20 Mar 2002, Walter Francis wrote:

> Oliver Joa wrote:
>
> > i don't think it is so simple. i have a similar situation and a huge
> > problem: i have a laptop with a wireless card in it, so when i start the
> > tunnel everything works fine, but when i take it down and up again, for
> > example after setting the laptop in suspend-mode, the tunnel will not
> > get up again. i have figured out why: it is because the route to the
> > laptop on the router is still there, over the ipsec-interface. so the
> > laptop will initiate the tunnel, but the router sends the packets back
> > over the ipsec-interface, which doesn't work, because the tunnel is
> > down. i could solve this problem by installing a script which
> > automatically removes the route.
>
> I have the *exact* same problem.. Basically if for any reason the tunnel is
> terminated on the laptop's side ipsec has to be restarted on the other side,
> I don't know if this is *normal* but it certainly happens here too. :(

Yes, someone in the list mentioned that he does not have the problem, but
i don't know how he did it.

> I have a cron script which pings my laptop from the workstation (other end
> of the tunnel) every minute, if it gets no response it waits a few seconds,
> tries again, does this three times, still no response, it restarts ipsec.
> This is by far less than ideal, but the best solution I could come up with.
> This way I don't have to come upstairs and reset ipsec myself.

I have set the rekeying interval to a very small time, about 2 minutes. so
when the router wants to rekey and the laptop is down it doesn't work, so
it sees that the tunnel is down. In the updown-script i have put in a
command to take down the route. It seems to work pretty well. The one
problem is that every 2 minutes a new key is generated, which costs a lot
of CPU.

Regards

Oliver

>
> With you, if I try to restart the tunnel from this side (ipsec auto --up
> wireless) it fails (although not sure exactly what the failure is right now,
> I just recently got freeswan working again, new wireless drivers, old ones
> tended to freeze up and freeswan became a pain with restarting the tunnel)
>
> I'll post my config, the other config is exactly the same, with the
> appropriate places changed to match the other side of the tunnel, etc.
>
> config setup
>     # THIS SETTING MUST BE CORRECT or almost nothing will work;
>     # %defaultroute is okay for most simple cases.
>     interfaces=%defaultroute
>     # Debug-logging controls: "none" for (almost) none, "all" for lots.
>     klipsdebug=none
>     plutodebug=none
>     # Use auto= parameters in conn descriptions to control startup actions.
>     plutoload=%search
>     plutostart=%search
>     # Close down old connection when new one using same ID shows up.
>     uniqueids=yes
> # defaults for subsequent connection descriptions
>
> conn %default
>     # How persistent to be in (re)keying negotiations (0 means very).
>     keyingtries=0
>     # RSA authentication with keys from DNS.
>     authby=rsasig
>     leftrsasigkey=%dns
>     rightrsasigkey=%dns
>
> conn wireless
>     # Left security gateway, subnet behind it, next hop toward right.
>     left=192.168.1.6
>     leftsubnet=0.0.0.0/0
>     #leftsubnet=192.168.1.0/24
>     leftnexthop=
>     # Right security gateway, subnet behind it, next hop toward left.
>     right=192.168.1.9
>     rightnexthop=
>     # To authorize this connection, but not actually start it, at startup,
>     # uncomment this.
>     auto=add
>
> --
> Walter Francis
> http://theblackmoor.net Powered by Red Hat Linux 7.2
>
>

-- 
ojoa_at_gatrixx.com * ojoa_at_gmx.net * ojoa_at_yahoo.com * o.joa_at_web.de

/"\
\ /  ASCII RIBBON CAMPAIGN
 X   AGAINST HTML EMAIL
/ \  AND POSTINGS

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
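
The cron check described in the quoted reply (up to three probes a few seconds apart, then an IPsec restart), written out as an added example that is not code from either poster. The probe and restart commands, the wait time, the peer address and the crontab path are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: cron-driven tunnel watchdog.
PEER="${PEER:-192.168.1.9}"        # assumed laptop address ("right" in the posted config)
TRIES="${TRIES:-3}"                # probes before giving up, as described in the post
WAIT="${WAIT:-5}"                  # "a few seconds" between probes (assumed value)
PROBE="${PROBE:-ping -c 1 -w 2}"   # assumed probe: one echo request, 2 s deadline
RESTART="${RESTART:-ipsec setup restart}"   # assumed restart command

# Return 0 as soon as one probe is answered, 1 after TRIES unanswered probes.
peer_alive() {
    n=1
    while [ "$n" -le "$TRIES" ]; do
        $PROBE "$PEER" >/dev/null 2>&1 && return 0
        [ "$n" -lt "$TRIES" ] && sleep "$WAIT"
        n=$((n + 1))
    done
    return 1
}

# Restart IPsec only when every probe failed. Prints what was done:
# "ok", "restarted" or "restart-failed".
watchdog() {
    if peer_alive; then
        echo ok
        return 0
    fi
    logger -t ipsec-watchdog "no reply from $PEER after $TRIES probes" 2>/dev/null || true
    if $RESTART >/dev/null 2>&1; then
        echo restarted
    else
        echo restart-failed
        return 1
    fi
}

# Crontab entry (path is a placeholder):
#   * * * * * /usr/local/sbin/ipsec-watchdog run
if [ "${1:-}" = run ]; then
    watchdog
fi
```

With the default values a full failed cycle takes about 16 seconds, so one-minute cron runs do not overlap. The restart tears down every tunnel on the host, not only the one to the silent peer.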



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:45 CEST