[Openswan Users] vpn connection after internet reconnect

Andy fs at globalnetit.com
Mon Jan 16 02:00:54 CET 2006


On Sun, 2006-01-15 at 23:51 +0100, Paul Wouters wrote:
> On Sun, 15 Jan 2006, Andreas Lüdtke wrote:
> 
> > My internet provider is dropping my dsl line every 24 hours. After such a dsl reconnect,
> > the vpn connection can only be re-established by stopping/starting Openswan.
> > These are the error messages I get:
> >
> > Jan 15 05:57:16 (none) kern.warn pluto[6220]: "COMPANY" #25: ISAKMP SA expired (LATEST!)
> > Jan 15 05:59:10 (none) kern.warn pluto[6220]: "COMPANY" #26: max number of retransmissions (20) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
> > Jan 15 05:59:10 (none) kern.warn pluto[6220]: "COMPANY" #26: starting keying attempt 2 of an unlimited number
> > Jan 15 05:59:10 (none) kern.warn pluto[6220]: "COMPANY" #27: initiating Main Mode to replace #26
> >
> > I help myself in running a cron job that will stop ipsec before the dsl line disconnects,
> > and that start ipsec after the dsl is back online.
> >
> > Is there a better way of doing this (without stopping/starting ipsec)?
> 
> Use a custom _updown script using leftupdown=/path/to/your/script
> 
Will the updown script be run here? It's run when the IPsec SA changes
state, isn't it?
These logs show the IKE SA has expired, not the IPsec SA. By default the
IPsec lifetime is much longer.

Anyway, I suspect the public IP changes when the DSL reconnects. I
believe you have to restart pluto in that case so it binds to the new
address. I have DSL also and that's how it works for me. I just run the
appropriate stuff from the PPP ip-up script.

> See /usr/lib/ipsec/_updown as a reference to build on.
> 
> Paul
-- 
Andy <fs at globalnetit.com>
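
The approach described in this message, restarting pluto from the PPP ip-up script so it binds to the new address, could look like the sketch below. It is an added example, not part of the original post and not the poster's actual script; the state file path, the `ppp0` interface name and the use of `ipsec setup restart` as the restart command are assumptions.

```shell
#!/bin/sh
# Added example: PPP ip-up hook (e.g. a file under /etc/ppp/ip-up.d/, name hypothetical).
# pppd invokes ip-up hooks with:
#   $1 interface  $2 tty  $3 speed  $4 local IP  $5 remote IP  $6 ipparam

STATE_FILE="${STATE_FILE:-/var/run/ipsec-last-local-ip}"  # assumed location
RESTART_CMD="${RESTART_CMD:-ipsec setup restart}"         # assumed restart command
WAN_IFACE="${WAN_IFACE:-ppp0}"                            # assumed DSL interface

# Return 0 if the new local address differs from the one recorded last time
# (or if nothing has been recorded yet).
ip_changed() {
    new_ip="$1"
    [ -r "$STATE_FILE" ] || return 0
    old_ip=$(cat "$STATE_FILE")
    [ "$new_ip" != "$old_ip" ]
}

# Restart IPsec only for the DSL interface and only when the address changed,
# so a reconnect that keeps the same IP does not tear down working tunnels.
on_ip_up() {
    iface="$1"
    local_ip="$2"
    [ "$iface" = "$WAN_IFACE" ] || return 0
    if ip_changed "$local_ip"; then
        printf '%s\n' "$local_ip" > "$STATE_FILE"
        logger -t ipsec-ip-up "local IP now $local_ip, restarting IPsec" 2>/dev/null || true
        $RESTART_CMD
    fi
}

# Run only when called by pppd with its usual arguments.
if [ "$#" -ge 4 ]; then
    on_ip_up "$1" "$4"
fi
```

Keep the state file in a directory writable only by root, since the hook runs as root and overwrites that path.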


