You can apply Mathieu Lafon's "Delete SA" patch for freeswan-1.97
mirrored at

http://www.freeswan.ca/patches/

This patch will delete an IPsec or ISAKMP SA immediately upon reception
of a Delete Notification message. I hope that Mathieu will update his
patch for freeswan-1.98b since two hunks currently fail.

Regards

Andreas

Hassler, Jens wrote:
> Hi there,
>
> I successfully managed my dynamic DNS issue I mentioned a few days ago
> on this list. In case anyone plans to do the same: These are the
> lines in the 'up-client' section of a special _updown script:
>
> DNS_HOST=`echo "$PLUTO_CONNECTION" | cut -d\- -f2`.vpn.wgw.wetzel.de.
> DNS_ADDR=`echo "$PLUTO_PEER_CLIENT" | cut -d\/ -f1`
> echo "server 193.98.35.55" > /tmp/dns.upd
> echo "update delete $DNS_HOST" >> /tmp/dns.upd
> echo "update add $DNS_HOST 300 A $DNS_ADDR" >> /tmp/dns.upd
> echo "send" >> /tmp/dns.upd
> /usr/bin/nsupdate < /tmp/dns.upd
>
>
> My roadwarrior connections are named in the form
> 'company_fw-roadwarrior' and/or 'company_net-roadwarriorname'. Upon
> connection these lines add a dynamic entry
> 'roadwarriorname.vpn.wgw.wetzel.de' to a special zone of our internal DNS.
>
> I have nearly equal commands for deleting an entry when the connection
> to the roadwarrior goes down. Unfortunately, FreeS/WAN is not willing to
> do this when it receives the appropriate message from PGPNet 7.1:
>
> Jul 23 08:13:43 firewall-gr Pluto[31445]: "company_net-Test" 149.225.90.4 #118: ignoring Delete SA payload
> Jul 23 08:13:43 firewall-gr Pluto[31445]: "company_net-Test" 149.225.90.4 #118: received and ignored informational message
>
> This is when I click 'disconnect' on the PGPNet side.
>
> The roadwarrior connection on FreeS/WAN side is deleted after six hours
> when rekeying occurs. Then the down-client section is called and my DNS
> entries are deleted.
>
> Well, I can live with that, but I'd like to see the connection going
> down when it's REALLY going down. This would give me also the chance to
> log how long a connection has been established to our roadwarriors.
>
> Is this a configuration issue or an unsolvable problem based on design?
>
> I hope someone is reading this, actually :-)
>
> Thx a lot!
> Jens
======================================================================
Andreas Steffen e-mail: andreas.steffen_at_strongsec.com
strongSec GmbH phone: +41 76 340 25 56
Alter Zürichweg 20 home: http://www.strongsec.com
CH-8952 Schlieren (Switzerland)
==========================================[strong internet security]==
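
Added example, not part of the original messages or of FreeS/WAN: the up-client/down-client DNS update from the quoted post written as one function that validates the values taken from PLUTO_CONNECTION and PLUTO_PEER_CLIENT and emits the batch on stdout, so it can be piped to nsupdate instead of going through /tmp/dns.upd. The helper name and the down-client batch (delete without add) are assumptions; the server and zone are the ones in the post.

```shell
#!/bin/sh
# Added example (not from the post): _updown DNS hook with input validation.
DNS_SERVER="193.98.35.55"       # server used in the post
DNS_ZONE="vpn.wgw.wetzel.de."   # zone used in the post

# build_dns_update VERB CONNECTION PEER_CLIENT   (hypothetical helper name)
# Prints an nsupdate batch on stdout; returns 1 and prints nothing on bad input.
build_dns_update() {
    verb=$1; conn=$2; peer=$3

    case $verb in
        up-client|down-client) ;;
        *) return 1 ;;
    esac

    # Second '-'-separated field of the connection name, like `cut -d- -f2`.
    label=${conn#*-}
    [ "$label" != "$conn" ] || return 1          # name contains no '-'
    label=${label%%-*}
    case $label in
        ''|*[!A-Za-z0-9]*) return 1 ;;           # letters and digits only
    esac

    # Address part of PLUTO_PEER_CLIENT (text before '/'), strict dotted quad.
    addr=${peer%%/*}
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done

    printf 'server %s\n' "$DNS_SERVER"
    printf 'update delete %s.%s\n' "$label" "$DNS_ZONE"
    # Assumption: going down is the same batch without the "update add" line.
    if [ "$verb" = up-client ]; then
        printf 'update add %s.%s 300 A %s\n' "$label" "$DNS_ZONE" "$addr"
    fi
    printf 'send\n'
}

# In the _updown script, send the batch only when validation succeeded:
#   batch=$(build_dns_update "$PLUTO_VERB" "$PLUTO_CONNECTION" "$PLUTO_PEER_CLIENT") \
#       && printf '%s\n' "$batch" | /usr/bin/nsupdate
```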
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:26 CEST