Hi all,
I am trying to create VPN's using linux firewalls that use free s/wan
(smoothwall/ipcop).
I have modified the firewall scripts slightly so I can use dynamic DNS (with
dyndns.org) to create the VPNs, and this works fine - the VPN tunnels come
up okay, and I can ping each side, run pc anywhere, etc.
Until - the ISDN line is dropped (life will be sooo much easier when ADSL
finally arrives here!).
When the line (immediately) comes back up, the firewall gains new IP
addresses. It updates dyndns appropriately, but the problem seems to be that
ipsec continues to use the original IP addresses it cached at the time of
creating the tunnel - and hence the tunnel stays down.
So, I think what I need is a command that I can run every minute or so via
cron, that will force ipsec to re-resolve the addresses stored in the
ipsec.conf file (the dynamic dns values are stored there not the resolved IP
addresses at the time) - something like 'ipsec resolve' maybe? :)
I had an email back from the developer saying "ipsec name resolution has
been turned off for a reason" but wouldn't elaborate on that reason... so
surely it is possible to enable name resolution with ipsec, possibly by
modifying the way ipsec is initially called? this would make much more
sense!
any ideas anybody? sorry if this makes no sense, I don't understand too much
about ipsec! but I would appreciate any comments on what I am trying to do!
I have a few VPNs up with these linux firewalls where ADSL is available, but
in this case ISDN is the best Internet connection on offer, so I am having
to try to butcher things :) I am having some success but am just stuck on
this last bit! (hey isn't it always the last bit?!!)
many thanks.
Regards,
Greg Conway.
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:58 CEST