[Openswan Users] Dynamic IP change - Reestablish tunnel
Michael Thalmann
lists at s3u.de
Fri Jan 6 15:34:30 CET 2006
I am using the following setup:
Subnet (192.168.101.0/24)
|
Openswan Gateway (DynDNS home / 192.168.101.1)
|
Internet
|
Astaro Gateway (DynDNS office / 192.168.100.1)
|
Subnet (192.168.100.0/24)
When Home gets a new IP, after a few minutes the tunnel is reestablished
automatically. But when the remote endpoint (Astaro) gets a new IP, Home
tries the old IP forever. It seems that it resolves the dynamic DNS
office.gotdns.org once at startup and then never checks that again. I have
thought of using the leftupdown script to check for an IP change of the
remote endpoint and then restart ipsec.
Has anybody solved it that way or is there a more elegant solution?
ipsec.conf is as follows:
conn astaro
esp=aes,3des
keyingtries=0
leftid=@home.gotdns.org
left=192.168.101.1
leftsubnet=192.168.101.0/255.255.255.0
leftnexthop=192.168.101.254
leftcert=/etc/ipsec.d/certs/astaro_home_cert.pem
rightid=@office.gotdns.org
right=office.gotdns.org
rightsubnet=192.168.100.0/255.255.255.0
pfs=yes
authby=rsasig
auto=start
compress=yes
Thanks in advance for any advice.
More information about the Users
mailing list