=?gb2312?B?tPC4tDogW09wZW5zd2FuIFVzZXJzXQ==?=

Chen Lintao chenlt at icevpn.org
Thu Feb 9 17:17:44 CET 2006


Summary :
1. when ppp interfaces changes, using "ipsec tncfg" to change KLIPS =
mapping=20
2. when ppp pip changes=20
	1) using "ipsec whack --listen" refresh listening ip ipaddress
	2) script "ipsec auto --replace yourconn ; ipsec auto --up yourconn"

That's clear ??

-----=D3=CA=BC=FE=D4=AD=BC=FE-----
=B7=A2=BC=FE=C8=CB: Paul Wouters [mailto:paul at xelerance.com]=20
=B7=A2=CB=CD=CA=B1=BC=E4: 2006=C4=EA2=D4=C29=C8=D5 14:39
=CA=D5=BC=FE=C8=CB: Chen Lintao
=B3=AD=CB=CD: fs at globalnetit.com; users at openswan.org
=D6=F7=CC=E2: Re: [Openswan Users]

On Thu, 9 Feb 2006, Chen Lintao wrote:

> Maybe this is one way out . Run individual Pluto on each interface . I
will
> try

You must not attempt this. If one pluto would restart it would nuke all =
the
IPsec SA's the kernel has, because it will not be aware of a second =
pluto.

If your own ip changes, you will need to somehow restart the connection.
eg script "ipsec auto --replace yourconn ; ipsec auto --up yourconn".

Paul



More information about the Users mailing list