RE: [Users] Automatically bringing up linux-linux VPN

From: Sam Sgro (sam_at_freeswan.org)
Date: Thu Jan 02 2003 - 22:36:01 CET


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 2 Jan 2003, Segree, Gareth wrote:

> Sam I have a working config but what happens from time to time is that the
> ADSL at the remote requests a new DHCP address at different intervals and
> when it receives the new address a VPN connection can't be re-established with
> the main office.
>
> What I've done is to create a script that pings a server at the main office
> and when the server cannot be contacted the ipsec service is restarted.

Why ping? Just "sync" the ipsec service with your pppoe client? Here's an
example of how you can do this:

http://lists.freeswan.org/pipermail/design/2002-July/003070.html
 
Use the /etc/ppp/ip-up.local & ip-down.local scripts to do this.

> Now what I have noticed is that I am able to ping the server from the remote
> firewall (after the new DHCP lease is renewed; therefore no service ipsec
> restart is done at the remote office), but the clients behind it can't, so
> they are unable to access services at the main office.

I'm surprised you get any connectivity until you've issued a "service ipsec
restart".

Perhaps this is at issue: the old connection doesn't get immediately dropped,
and packets to the remote gateway's subnet still get shunted to the old IP. In
any case, you'll want to use "uniqueids=yes", to ensure that the existing
connection gets taken down as the new one is negotiated; see the man page for
ipsec.conf.

- --
Sam Sgro
sam_at_freeswan.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: For the matching public key, finger the Reply-To: address.

iQCVAwUBPhSww0OSC4btEQUtAQEOZQP+N979C/mAHscZSYXsWTDuVN8kFOXttQTw
wCvIRkGHgzbclW8a47yLoJPfexegWpg9gBNESbpIYDpmVZ15ddxQaxLAS8//x0X+
jH4J9dC4poR5ijlkR8AU192rlq2UDuaCs1ErqLG51ElFOEl/BSPKj3Rd1UmtWS6h
85Os88lBh54=
=Y5nZ
-----END PGP SIGNATURE-----

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
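An added example (not from Sam's reply and not FreeS/WAN project code) of the ip-up.local / ip-down.local approach suggested above, together with a check for the uniqueids setting Sam points at. It assumes the Red Hat-style local hook names and pppd's hook argument order (interface name first, local IP fourth); the function names ppp_ipsec_hook and check_uniqueids, the variables VPN_PPP_IF and IPSEC_CMD, and the choice to stop ipsec on link-down are mine.

```shell
#!/bin/sh
# One script installed under two names: /etc/ppp/ip-up.local and
# /etc/ppp/ip-down.local (symlink). pppd calls the hooks with
#   interface-name tty-device speed local-IP remote-IP ipparam
# so $1 is the ppp interface and $4 the address it just got.
# VPN_PPP_IF and IPSEC_CMD are names chosen for this example.

VPN_PPP_IF="${VPN_PPP_IF:-ppp0}"          # the PPPoE link that carries the tunnel
IPSEC_CMD="${IPSEC_CMD:-service ipsec}"   # the command used in the thread; set to ":" for a dry run

# Log via syslog when logger is available; never fail the hook over logging.
log() {
    command -v logger >/dev/null 2>&1 && logger -t ipsec-ppp-hook "$*" || :
}

# check_uniqueids [CONF]
# Sam's second point: uniqueids=yes in "config setup" makes Pluto treat a
# new negotiation from the same peer ID at a new address as replacing the old
# connection instead of keeping both. Returns 0 when it is explicitly set.
check_uniqueids() {
    conf="${1:-/etc/ipsec.conf}"
    grep -Eq '^[[:space:]]*uniqueids[[:space:]]*=[[:space:]]*yes' "$conf" 2>/dev/null
}

# ppp_ipsec_hook EVENT IFACE LOCAL_IP
# Decide what to do with the ipsec service when a ppp link changes state.
# Echoes the action taken (restart | stop | ignore) so it can be logged or tested.
ppp_ipsec_hook() {
    event="$1"; iface="$2"; local_ip="$3"

    # Only the link that carries the tunnel matters; other ppp links are ignored.
    if [ "$iface" != "$VPN_PPP_IF" ]; then
        echo ignore
        return 0
    fi

    case "$event" in
        up)
            # New address on the link: restart so Pluto negotiates from it
            # instead of keeping a tunnel bound to the stale address.
            $IPSEC_CMD restart >/dev/null 2>&1 || log "ipsec restart failed on $iface"
            log "$iface up with $local_ip, ipsec restarted"
            check_uniqueids || log "warning: uniqueids=yes not set in /etc/ipsec.conf"
            echo restart
            ;;
        down)
            # Link gone: stop now rather than leave the old SA until the peer times it out.
            $IPSEC_CMD stop >/dev/null 2>&1 || log "ipsec stop failed on $iface"
            log "$iface down, ipsec stopped"
            echo stop
            ;;
        *)
            echo ignore
            ;;
    esac
}

# Pick the event from the name this script was invoked as.
case "${0##*/}" in
    ip-up.local)   ppp_ipsec_hook up   "$1" "$4" ;;
    ip-down.local) ppp_ipsec_hook down "$1" "$4" ;;
esac
```

Install the file once and link it as both /etc/ppp/ip-up.local and /etc/ppp/ip-down.local; the script derives the event from its own name. Restarting on link-up covers the remote side; uniqueids=yes in config setup is what lets the main office drop the SA bound to the old address when the same peer comes back from the new one.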



This archive was generated by hypermail 2.1.5 : Fri Jan 03 2003 - 05:21:08 CET