[Openswan Users] Firewall and OpenSwan

Paul Wouters paul at xelerance.com
Tue Sep 7 19:39:03 CEST 2004

On Tue, 7 Sep 2004, Laurent CARON wrote:

> I've got several VPN set up between a central server and a lot of 
> departemental servers(over the internet) connected via DSL.
> Sometimes, when a DSL connection goes down, and then UP the vpn is 
> reconnected for a few seconds, and then stops working.

I am assuming you are using KLIPS (you have ipsecX interfaces)

What happens is that your ppp interface goes away, and the binding
between ppp and ipsecX vanishes. This is not re-established on your
new ppp connection a few seconds later.

The work around I have in my 'checkadsl' scripts that restarts the
pptp tunnel (and create a new ppp interface as well) is:

if [ -f /var/run/pluto.pid ]
         echo "IPsec is running, fixing ipsec over ppp"
         echo "Detaching ipsec0 from previous ppp0 device"
         ipsec tncfg --detach --virtual ipsec0 > /dev/null 2> /dev/null
         echo "Attaching ipsec0 to new ppp0"
         ipsec tncfg --attach --virtual ipsec0 --physical ppp0

If you use this, and you get the same IP address when the ADSL comes
back up, you do not need to restart Openswan (freeswan).


More information about the Users mailing list