[Openswan Users] Firewall and OpenSwan
Paul Wouters
paul at xelerance.com
Tue Sep 7 19:39:03 CEST 2004
On Tue, 7 Sep 2004, Laurent CARON wrote:
> I've got several VPNs set up between a central server and a lot of
> departmental servers (over the internet) connected via DSL.
>
> Sometimes, when a DSL connection goes down and then up, the VPN is
> reconnected for a few seconds, and then stops working.

I am assuming you are using KLIPS (you have ipsecX interfaces).
What happens is that your ppp interface goes away, and the binding
between ppp and ipsecX vanishes. This is not re-established on your
new ppp connection a few seconds later.

The workaround I have in my 'checkadsl' scripts, which restart the
pptp tunnel (and create a new ppp interface as well), is:

    # Only rebind when pluto (the IKE daemon) is running
    if [ -f /var/run/pluto.pid ]
    then
        echo "IPsec is running, fixing ipsec over ppp"
        echo "Detaching ipsec0 from previous ppp0 device"
        ipsec tncfg --detach --virtual ipsec0 > /dev/null 2> /dev/null
        echo "Attaching ipsec0 to new ppp0"
        ipsec tncfg --attach --virtual ipsec0 --physical ppp0
    fi

If you use this, and you get the same IP address when the ADSL comes
back up, you do not need to restart Openswan (freeswan).
Paul
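
The rebinding described in this message, written as a pppd ip-up hook: an added example, not code from the post or from Openswan. It goes one step beyond the post by recording the link's IP address and restarting Openswan only when the address changed; `STATE_FILE`, `rebind_ipsec`, `ACTION` and that restart policy are assumptions made for illustration.

```shell
#!/bin/sh
# pppd runs its ip-up hook with $1 = interface name and $4 = local IP address.
# Hypothetical names (not from the post): STATE_FILE, rebind_ipsec, ACTION.
IPSEC="${IPSEC:-ipsec}"                        # overridable so the logic can be tested
PLUTO_PID="${PLUTO_PID:-/var/run/pluto.pid}"   # pid file checked in the post
STATE_FILE="${STATE_FILE:-/var/run/ipsec-ppp.lastip}"   # assumed location
VIRT="${VIRT:-ipsec0}"

# rebind_ipsec PHYS_IFACE NEW_IP
# Sets ACTION to: skipped (pluto not running), rebound, or restarted.
rebind_ipsec() {
    phys="$1"; new_ip="$2"
    ACTION=skipped
    [ -f "$PLUTO_PID" ] || return 0

    # Remember the address seen on the previous link-up, then record the new one.
    old_ip=""
    if [ -f "$STATE_FILE" ]; then old_ip=$(cat "$STATE_FILE"); fi
    printf '%s\n' "$new_ip" > "$STATE_FILE"

    # The old ppp device is gone, so the detach may fail; that is harmless.
    $IPSEC tncfg --detach --virtual "$VIRT" >/dev/null 2>&1 || true
    if ! $IPSEC tncfg --attach --virtual "$VIRT" --physical "$phys"; then
        echo "attaching $VIRT to $phys failed" >&2
        return 1
    fi
    ACTION=rebound

    # Same address: the rebind is enough. Changed address: restart Openswan
    # (assumed policy). With no recorded address we cannot tell, so only rebind.
    if [ -n "$old_ip" ] && [ "$old_ip" != "$new_ip" ]; then
        $IPSEC setup restart || return 1
        ACTION=restarted
    fi
    return 0
}

# Act as the hook only when called with pppd's argument list.
if [ "$#" -ge 4 ]; then
    rebind_ipsec "$1" "$4"
fi
```
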