[Openswan Users] Firewall and OpenSwan
Laurent CARON
lcaron at apartia.fr
Wed Sep 8 10:10:51 CEST 2004
Paul Wouters wrote:
> On Tue, 7 Sep 2004, Laurent CARON wrote:
>
>> I've got several VPN set up between a central server and a lot of
>> departemental servers(over the internet) connected via DSL.
>>
>> Sometimes, when a DSL connection goes down, and then UP the vpn is
>> reconnected for a few seconds, and then stops working.
>
>
> I am assuming you are using KLIPS (you have ipsecX interfaces)
no ipsecX interfaces (not on 2.4 nor on 2.6)
>
> What happens is that your ppp interface goes away, and the binding
> between ppp and ipsecX vanishes. This is not re-established on your
> new ppp connection a few seconds later.
>
> The work around I have in my 'checkadsl' scripts that restarts the
> pptp tunnel (and create a new ppp interface as well) is:
>
> if [ -f /var/run/pluto.pid ]
> then
> echo "IPsec is running, fixing ipsec over ppp"
> echo "Detaching ipsec0 from previous ppp0 device"
> ipsec tncfg --detach --virtual ipsec0 > /dev/null 2> /dev/null
> echo "Attaching ipsec0 to new ppp0"
> ipsec tncfg --attach --virtual ipsec0 --physical ppp0
> fi
>
> If you use this, and you get the same IP address when the ADSL comes
> back up, you do not need to restart Openswan (freeswan).
>
> Paul
More information about the Users
mailing list