[Openswan Users] [original Subject: routes not removed after
roadwarrior disconnect or timeout]
Bgs
bgs at bgs.hu
Wed Apr 12 21:13:13 CEST 2006
Hi,
>>I try to configure openswan+softremote in roadwarrior config. The connection
>>works well, but after a roadwarrior disconnects or the connection breaks in
>>some other way, the routes stay in the openswan box's routing table:
>>
>>80.xx.xx.xx via 80.yy.yy.yy dev ipsec0
>
>
> If you reconnect it should replace that, providing you have uniqueids=yes
The problem is that on the VPN box there are other services as well that
should be reached through the public IP. But because of the above route
record, the back traffic goes into the ipsec0 device which will block it
because there is no definition for that traffic. So once a client
connects to the VPN box, it will not reach the other services until I
bring down the route or restart openswan... :(
>>I tried to add dead peer detection, but it had no effect. Any ideas what is
>>the problem? Is it openswan config or is it softremote?
>
>
> softremote might not support DPD.
That might indeed be a problem, I'm trying to find out right now...
OTOH, if DPD works by waiting for DPD replies, shouldn't the route
disappear after two minutes with the config I attached regardless of DPD
capability?
Why did my Subject disappear? I gave it a nice subject and the mail
still has it in my Sent box...
Bye
Bgs