[Openswan Users] Firewall and OpenSwan

Laurent CARON lcaron at apartia.fr
Wed Sep 8 10:10:51 CEST 2004


Paul Wouters wrote:

> On Tue, 7 Sep 2004, Laurent CARON wrote:
>
>> I've got several VPNs set up between a central server and a lot of 
>> departmental servers (over the internet) connected via DSL.
>>
>> Sometimes, when a DSL connection goes down and then up, the VPN is 
>> reconnected for a few seconds, and then stops working.
>
>
> I am assuming you are using KLIPS (you have ipsecX interfaces)

No ipsecX interfaces (not on 2.4 nor on 2.6).

>
> What happens is that your ppp interface goes away, and the binding
> between ppp and ipsecX vanishes. This is not re-established on your
> new ppp connection a few seconds later.
>
> The workaround I have in my 'checkadsl' scripts that restart the
> pptp tunnel (and create a new ppp interface as well) is:
>
> if [ -f /var/run/pluto.pid ]
> then
>         echo "IPsec is running, fixing ipsec over ppp"
>         echo "Detaching ipsec0 from previous ppp0 device"
>         ipsec tncfg --detach --virtual ipsec0 > /dev/null 2> /dev/null
>         echo "Attaching ipsec0 to new ppp0"
>         ipsec tncfg --attach --virtual ipsec0 --physical ppp0
> fi
>
> If you use this, and you get the same IP address when the ADSL comes
> back up, you do not need to restart Openswan (freeswan).
>
> Paul



