[Openswan Users] DynDns UPDOWN script

Alexander Samad alex at samad.com.au
Wed Oct 6 23:09:28 CEST 2004


Hey, why not attach it to your DHCP client? Both pump and dhcpclient have
hooks for this, and then do the ipsec auto --replace. All the parameters
will be passed to the script in the env, no need to parse the syslog.

A



On Wed, Oct 06, 2004 at 10:50:15AM +0100, Tiago Freitas Leal wrote:
> You can use
> 
> janus watcher - Dynamic DNS watcher for FreeS/WAN & forks. Perl script that
> watches dynamic DNS hosts and replaces the connection when the IP address
> changes.
> 
> http://sourceforge.net/projects/janus-watcher/
> 
> ----- Original Message ----- 
> From: "Michael Schwartzkopff" <misch at multinet.de>
> To: <users at openswan.org>
> Sent: Wednesday, October 06, 2004 9:04 AM
> Subject: Re: [Openswan Users] DynDns UPDOWN script
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Wednesday, 6 October 2004 09:50, Sebastian Haas wrote:
> > Hello ML,
> >
> > we have setup a tunnel between 2 VPN gateways with a dynamic dns updated
> > periodically via dyndns client.
> >
> > We've activated DPD and it works fine, but if the IP changed the
> > corresponding VPN gateway always uses the old IP.
> >
> > I've read I can hook something in the UPDOWN script to do an "ipsec auto
> > --replace" or similar.
> >
> > What can I do? The Starter program (v0.2) from arkoon didn't work due to
> > a parser error while parsing "conn %default" and v0.3 didn't compile.
> >
> > best regards,
> > Sebastian Haas
> 
> Hi,
> 
> I have one static and one dynamic host. The problem is that the dynamic
> client can only use passwords. So I have to "replace" the connection every
> time the client tries to connect with a new IP address. See the script
> below. I hope this helps a little bit ...
> 
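> #!/usr/bin/perl
> # this script is licensed under the terms of the GNU GPL.
> 
> use File::Tail;
> use IO::Socket;    # also exports inet_ntoa from Socket
> 
> # dynamic DNS name of the remote gateway => connection name in ipsec.conf
> %tabelle = (
>         "xxx.dyndns.org" => "muc-netgear"
> );
> 
> @gateways = keys %tabelle;
> 
> $ipsec_log = '/var/log/messages' ;
> $debug = 0 ;    # File::Tail debug output off
> 
> my $logref=tie(*LOG,"File::Tail",(name=>$ipsec_log,debug=>$debug));
> 
> # follow the log and react to failed negotiations
> while (<LOG>) {
>         if (/NO_PROPOSAL_CHOSEN/) {
>                 if (/to ([0123456789\.]+)/) {
>                         $address = $1;
>                         foreach $gateway (@gateways) {
>                                 # resolve the current address of the dynamic host
>                                 my $packed = (gethostbyname ($gateway))[4];
>                                 next unless defined $packed;    # lookup failed
>                                 $gw_addr = inet_ntoa ($packed);
>                                 if ($address eq $gw_addr) {
>                                         print "Found $gateway $tabelle{$gateway}\n";
>                                         system ("echo $tabelle{$gateway}");
>                                         # list form: the arguments never pass through a shell
>                                         system ("ipsec", "auto", "--replace", $tabelle{$gateway});
>                                 }
>                         }
>                 };
>         } ;
> } ;
> 
> undef $logref ;
> untie *LOG ;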
> 
> 
> 
> - -- 
> Dr. Michael Schwartzkopff
> MultiNET Services GmbH
> Bretonischer Ring 7
> 85630 Grasbrunn
> 
> Tel: (+49 89) 456 911 - 0
> Fax: (+49 89) 456 911 - 21
> mob: (+49 174) 343 28 75
> 
> PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
> 
> iD8DBQFBY6cEqndXpO3Yl5sRApBRAKCDvDjrz+rpT97A/uzg4B9S2ZTshACfTXmq
> x1DK2ii5NhE58H+2Aa32kGg=
> =WXBx
> -----END PGP SIGNATURE-----
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> 
> 
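The DHCP-hook approach suggested in the reply at the top, as an added example (not code from the thread or from Openswan): a dhclient exit hook that reads the `reason`, `old_ip_address` and `new_ip_address` variables dhclient-script sets and runs `ipsec auto --replace` only when the lease address actually changed. The `CONN` and `IPSEC` overrides and the function names are assumptions; `muc-netgear` is the connection name from the quoted script.

```shell
#!/bin/sh
# Added example: dhclient exit hook. dhclient-script sources this file with
# $reason, $old_ip_address and $new_ip_address already set.

CONN="${CONN:-muc-netgear}"   # connection name from the quoted script
IPSEC="${IPSEC:-ipsec}"       # assumption: overridable for a dry run

# Succeed only for a dotted quad whose four octets are 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Reload the connection when a lease event brought a new, well-formed
# address. Prints the action taken so it can be logged or inspected.
handle_lease_change() {
    ev=$1 old=$2 new=$3
    case "$ev" in
        BOUND|RENEW|REBIND|REBOOT) ;;
        *) echo "skip: reason"; return 0 ;;
    esac
    valid_ipv4 "$new" || { echo "skip: bad address"; return 0; }
    [ "$old" != "$new" ] || { echo "skip: unchanged"; return 0; }
    # Arguments are passed as separate words, never re-parsed by a shell.
    "$IPSEC" auto --replace "$CONN" || { echo "error: replace failed"; return 1; }
    echo "replaced: $CONN"
}

# Entry point when sourced by dhclient-script; a no-op if no reason is set.
handle_lease_change "${reason:-}" "${old_ip_address:-}" "${new_ip_address:-}"
```

Because the hook is sourced rather than executed, it uses `return` instead of `exit` so it cannot terminate dhclient-script itself.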