[Openswan Users] openswan and dynamic ip

John McMonagle johnm at advocap.org
Tue Aug 3 14:37:02 CEST 2004

A couple similar questions but this time for the local end.

Again this is on 2.6 kernel native ipsec

If the only local inet ip is dynamic and one is using  %defaultroute is 
any intervention required?

If one has more than one local inet connection and one is dynamic and 
the ip changes can one  fix with ipsec auto --replace?



Paul Wouters wrote:
> On Thu, 1 Jul 2004, John McMonagle wrote:
>>In a couple cases it is dynamic ip  <=> dynamic ip.
>>I do have dynamic dns setup.
>>In freeswan I had to reload the remote connections when the ip changed.
>>Just wondering is there is a better way to deal with this now?
> No there isn't. But in recent openswan versions there is dead peer detection.
> So it is much easier to kill the tunnels that are unusuable because one end
> of the tunnel changed. Then with hooks into the _updown scripts, you could
> ipsec auto --replace the connection so pluto will pick up the new IP from
> dyndns.
> Paul

More information about the Users mailing list