[Openswan Users] Tunnel won't shut down properly

tomk at runbox.com tomk at runbox.com
Fri Jan 14 10:20:47 CET 2005

I'm using Openswan to secure the wireless connection between my laptop and the rest of my network, which is based around an IPCop box. The laptop is a triple-boot machine running Debian sid, ArchLinux 0.7, and Windows 2000. It gets a static DHCP lease from IPCop, so it always has the same IP address, regardless of OS. I have two X.509 VPNs from this machine via IPCop to GREEN and RED, one for Debian and one for Arch. Both tunnels are initiated from the laptop. I don't use a VPN with Windows. IPCop uses Openswan 1.0.7 with kernel 2.4.27, the laptop uses Openswan 2.2.0 with kernel 2.6.9 (Debian) and 2.6.10 (Arch).

Here's the problem. If I boot into Debian and connect the Debian VPN, that works fine. However, if I then reboot into Arch or Windows, I can't connect to anything. Similarly with Debian and Windows, after using the Arch tunnel. AFAICS, the reason is that the routing table in IPCop retains the following entry:

UGH 0 0 0 ipsec1

which was created when I connected the Debian tunnel, even though that tunnel is now disconnected. As long as that entry is there, I can't get to anywhere else, including the IPCop web GUI. So the only solution is to make the necessary changes on the IPCop box directly, which defeats the purpose of having the wireless laptop.

Is there anything I can do on either the laptop or IPCop to ensure that my tunnels close down completely? I've already posted this on the IPCop list and web forum, but nobody seems to have any suggestions.
