[Openswan Users] vpn connection after internet reconnect

Paul Wouters paul at xelerance.com
Sat Nov 25 11:23:09 EST 2006


On Sat, 25 Nov 2006, Axel Thimm wrote:

> What if the firewall connecting to DSL and the endpoint of the ipsec
> connection are not the same (and therefore there is no triggering event
> from pppoe to reconnect)? I currently connect with a host within the
> network and when the firewall changes its IP (due to DSL reconnect),
> the internal host never reconnects w/o manually restarting ipsec. Until
> I find out all TCP connections through ipsec have timed out and have
> been torn down :(
>
> Is there a way to force reconnects when there is a given timeout? Or

If both ends support it, you can enable Dead Peer Detection. It will
cause the tunnel to recover faster. But if your IP changes, then
currently you will need to reload your connection. You can do this
using a custom updown script using leftupdown=/some/script.sh

> should I better move the ipsec endpoint to the firewall, so that I
> have a triggering event to reconnect? I'd prefer to keep it on the
> roadwarrior laptop, though.

I am not sure if I understand your setup. You can have an ipsec
endpoint on your firewall, your laptop, or both.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
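
The two settings mentioned in the reply, shown as an ipsec.conf fragment. This is an added example, not part of the original message; the connection name and the timer values are assumptions, and /some/script.sh is the placeholder path used in the reply.

```conf
# Added example: constructed fragment, not taken from the thread.
# The conn name is hypothetical; the connection's existing left=/right=
# and authentication lines stay as they are.
conn roadwarrior-example
    # DPD is only active when both dpddelay and dpdtimeout are set,
    # and the peer must support it as well.
    # Send a liveness probe after 30s without traffic from the peer.
    dpddelay=30
    # Declare the peer dead after 120s without any reply.
    dpdtimeout=120
    # hold: keep the eroute in %hold so that outgoing traffic
    # triggers a new negotiation (clear would drop eroute and SA).
    dpdaction=hold
    # Custom script run on connection state changes; it replaces
    # the default "ipsec _updown".
    leftupdown=/some/script.sh
```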

