[Openswan Users] Need to restart service when internet link fails
Matias Gut
matiasar at tournet.com.ar
Fri Aug 24 11:50:47 EDT 2007
Hello all!
I installed a VPN between Openswan and a Cisco PIX. Everything works fine.
The only trouble I need to solve is that when the internet link fails (even
if it's a very short failure) the tunnel does not establish again when
the internet connection returns.
In those cases I need to restart the service: /etc/init.d/ipsec restart
and then the tunnel is established.
Does anybody know what I could do? Below is my Openswan config
(ipsec.conf):

# /etc/ipsec.conf - OpenSWAN IPSec configuration file

# The version information is needed for OpenSWAN
version 2.0

# basic configuration
config setup
        interfaces="ipsec0=eth1"
        klipsdebug=all
        plutodebug=all
        nat_traversal=no

conn %default
        keyingtries=0

# Add connections here
conn my_tunnel
        type=tunnel
        left=ip_linux_box
        leftsubnet=192.168.1.0/24
        leftnexthop=ip_default_gateway
        right=public_ip_pix
        rightsubnet=10.0.1.0/25
        rightnexthop=ip_pix_gateway
        ike=aes128-md5-modp1024
        esp=aes128-md5
        pfs=yes
        keylife=28800s
        ikelifetime=28800s
        disablearrivalcheck=no
        authby=secret
        keyexchange=ike
        auto=start

# Disable Opportunistic Encryption
# essential for interoperating with Cisco devices
conn block
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear-or-private
        auto=ignore

conn clear
        auto=ignore

conn packetdefault
        auto=ignore
# End of config for disabling Opportunistic Encryption

Thanks in advance!
Matías