[Openswan Users]

Paul Wouters paul at xtdnet.nl
Mon Mar 14 16:14:50 CET 2005

On Mon, 14 Mar 2005, Ilona Regev wrote:

> The problem begins when my physical interface goes down and then comes up
> again.
> After the interface comes up, I map the ipsec interface using the 'ipsec
> tncfg' command and that's fine.
> My problem is, that routes that were previously on the physical interfaces
> are now on the ipsec interface (I read somewhere that this is because the
> kernel looks for the first interface with a matching IP - which happens to
> be the ipsec interface).

Yes, that is a known problem. Luckily this mostly happens to leaf nodes on
ADSL/Cable with one VPN going out, or on machines with only a few static tunnels.
It's usually the pppX interface that vanishes and comes back in these cases.
(The same could happen with pcmcia/pccard systems, but those are also usually
set up to restart networking including VPNs upon re-insert)

> Since many of my routes are dynamic (learnt via some routing protocol), I
> cannot manually set them each time (and it's not just the default gateway
> that needs to be set).

That's a bigger problem then.

> The interface to be set to is also not a fixed interface (could vary
> according to the setup).

One workaround I can imagine is to separate the ppp0 interface from the
ipsec machine. Perhaps using a bridged setup with another ethernet segment
would work? I've never tried this approach though.

