[Openswan Users]

Andy fs at globalnetit.com
Wed Feb 8 13:17:31 CET 2006 

On Wed, 2006-02-08 at 10:49 +0800, Chen Lintao wrote:
> Hello World:
> 
>          I have two WAN connections ,  
> 
>          eth1  --  FIXEDIP
> 
>          eth2  --  PPPOE ( dynamic IP  and interfaces ppp0 , ppp1 ……) 
> 
>  
> 
> when eth2 PPPOE up , I can use certain conf below 
> 
> config setup
> 
>         interfaces="ipsec0=eth1 ipsec1=ppp0"
> 
I guess you're using KLIPS, if you need to control ipsec<n> mappings.
You may do better with NETKEY, it doesn't care about interfaces, just
addresses.
Using KLIPS I was able to do something similar by using the "ipsec
tncfg" command (see man ipsec_tncfg(1) for details) to reattach the
ipsec0 to ppp0 after the PPP interface got dropped and reconnected. I
think it only works if your IP address doesn't change.
I used the /etc/ppp/ip-up.local script hooks to do that.

If your PPP IP changes, I think you're out of luck, because pluto would
need to be restarted in order to bind to the new interface address.

>  
> 
> My Question is :
> 
> When eth2  reconnected , and  eth2 bounded  interface changed -->
> ppp1  ( not ppp0 before )

Do you know why the interface name changes? If the connection drops &
reconnects, it should still use ppp0. You may have a problem with your
pppoe setup, perhaps it's starting a new pppd process before the old one
has terminated.

> 
> how could I change  ipsec1 àppp1 without  modifying ipsec.conf again
> and  “ ipsec setup restart”
> 
> Because I have established VPN connections at ipsec0(eth1) and don’t
> want to break it .
> 
Maybe it's possible to run 2 pluto processes? You can control the
interfaces that pluto binds to with something like
config setup
  plutoopts="--interface eth1"

Probably by doing that you can start a pluto that just runs on eth1,
then have another on the PPP interface that can be stopped & started as
required.
I'm sure the supplied startup scripts won't do that though, you'll have
to do some custom stuff.

Good luck...

> 
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
-- 
Andy <fs at globalnetit.com>

More information about the Users mailing list