[Openswan Users] vpn connection after internet reconnect

Paul Wouters paul at xelerance.com
Sat Nov 25 22:19:56 EST 2006

On Sun, 26 Nov 2006, Axel Thimm wrote:

> No, the nat box knows nothing about ipsec, it's the laptop that
> connects through the nat box to the outside.

Ohh, much simpler then.

> No, just the laptop and no l2tp. It all works until the natbox changes
> its external IP. Then the "right" host sees the packages coming from
> a wrong IP and drops them.

Interesting. Michael, is there any reason to drop these? After all, we
are just discarding the ESPinUDP header, so why would we care if it
came from another IP? It's just fancy wrapping paper. What we get after
decapsulation is an ESP packet with a source IP of the original NAT'ed
IP address, regardless of what the NAT router's IP is.

> The DPD code works properly on the laptop
> and the connection is considered dead after the given amount of
> time. It just doesn't want to restart on the laptop, and I guess
> that's bug 452 on 2.4.6. So hopefully, once 2.4.7 is running I'll just
> confirm that it was this bug. :)

It should. Report a bug if it does not :)
