[Openswan Users] Roaming user to Central site VPN or dynamic IP address to static IP address VPN..

Alejandro Correa linuxservers at gmail.com
Mon Nov 12 21:52:21 EST 2007

Hello everybody,
Is my first post here, and these are my first attempts with OpenSwan.
The VPN is between two Linksys boxes running OpenWRT 0.9 with OpenSwan
version 2.4.6-1.
The VPN type is Net To Net. One box is a pppoe dynamic IP address
(RoamingUser), and the other with a static IP address (CentralSite) .
The tunnel is working fine, except when the IP address of the
RoamingUser side change, when this happens, it cannot establish the
tunnel again, If I restart the IPSEC service in the Central Site the
VPN came up again and it works fine until the next IP addres change in
the Roaming User side..Is the only way that I find to restablish the
tunnel again.
For the dynamic IP address I create a dyndns account.
I have tried diferent parameters but I cannot fix this problem

this are my ipsec.conf files

version 2.0						version 2.0

##Roaming User						##Central Site (A.B.C.D)
config setup						config setup
        #plutowait=yes						#plutowait=yes
        klipsdebug="none"				      klipsdebug="none"
        #klipsdebug="yes"				      #klipsdebug="yes"
        plutodebug="none"				      plutodebug="none"
        #plutodebug="yes"				      #plutodebug="yes"
        nat_traversal=no					 nat_traversal=no
        interfaces=%defaultroute			     interfaces=%defaultroute	

conn tocentralsite					conn toroaminguser
        authby=secret						authby=secret
        auth=esp						  auth=esp
        pfs=yes							   pfs=yes
        keyexchange=ike					     keyexchange=ike
        ike=3des-md5-modp1024				ike=3des-md5-modp1024
        ikelifetime=3600					ikelifetime=3600
        keyingtries=%forever				      keyingtries=3
        keylife=3600						  keylife=3600
        rekey=yes						 rekey=no	
        esp=3des-md5					      esp=3des-md5
        type=tunnel						  type=tunnel
        left=%defaultroute				        left=%defaultroute
        leftnexthop=%defaultroute			   leftnexthop=%defaultroute
        leftid=@example.dyndns.org		        rightid=@example.dyndns.org
        right=A.B.C.D						right=example.dyndns.org	
        #rightnexthop=%defaultroute			 #rightnexthop=%defaultroute
        dpddelay=10						dpddelay=10
        dpdtimeout=30					       dpdtimeout=30
        dpdaction=restart				       dpdaction=clear
        auto=start						   auto=add
        #aggrmode=yes					     #aggrmode=yes
        #leftsourceip=			   #leftsourceip=

#Disable Opportunistic Encryption		       #Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf	   include

When the IP addres change the logread command show me this

##In the central site
Nov 12 08:45:44 VPNGW kern.warn pluto[822]: packet from received Vendor ID payload [Openswan (this
version) 2.4.6  X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Nov 12 08:45:44 VPNGW kern.warn pluto[822]: packet from received Vendor ID payload [Dead Peer Detection]
Nov 12 08:45:44 VPNGW kern.warn pluto[822]: packet from initial Main Mode message received on A.B.C.D:500
but no connection has been authorized

##In the Roaming user
Nov 12 08:21:53 VPN kern.warn pluto[6760]: "testvpn" #2: initiating
Main Mode to replace #1
Nov 12 08:23:53 VPN kern.warn pluto[6760]: pending Quick Mode with
A.B.C.D "testvpn" took too long -- replacing phase 1

I will apreciate any help.

Best regards


More information about the Users mailing list