[Openswan Users] Roaming user to Central site VPN or dynamic IP address to static IP address VPN..

Paul Wouters paul at xelerance.com
Tue Nov 13 00:40:19 EST 2007


On Mon, 12 Nov 2007, Alejandro Correa wrote:

> Hello everybody,
> This is my first post here, and these are my first attempts with OpenSwan.
> The VPN is between two Linksys boxes running OpenWRT 0.9 with OpenSwan
> version 2.4.6-1.
> The VPN type is Net To Net. One box has a pppoe dynamic IP address
> (RoamingUser), and the other a static IP address (CentralSite).
> The tunnel is working fine, except when the IP address of the
> RoamingUser side changes; when this happens, it cannot establish the
> tunnel again. If I restart the IPSEC service in the Central Site the
> VPN comes up again and it works fine until the next IP address change in
> the Roaming User side. It is the only way that I have found to re-establish
> the tunnel again.
> For the dynamic IP address I created a dyndns account.
> I have tried different parameters but I cannot fix this problem

You will need to restart the tunnel on the clients in your "my ip
just changed" script. This can be /etc/ppp/ip-up.d/restart_ipsec

where in restart_ipsec, you do something like:

#!/bin/sh

ipsec auto --replace tocentralsite
ipsec auto --up tocentralsite

--replace is needed if your IP has changed, it reloads the connection.

You want to enable DPD on both ends using dpdaction=, dpdtimeout= and
dpddelay=. On the server end you want dpdaction=clear, on the client
dpdaction=restart.

Your central server should also have rekey=no (it cannot rekey to dynamic IPs).
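
The settings named in the reply above, laid out as the two ipsec.conf fragments they would live in. This is an added example, not part of the original post. Only the connection name tocentralsite and the dpdaction=/rekey= values come from the message; the second connection name, the timer values, addresses and subnets are constructed placeholders, and authentication settings are left out.

```conf
# --- RoamingUser box (dynamic PPPoE address) ---
conn tocentralsite
    # this end: use whatever address the default route currently has
    left=%defaultroute
    # placeholder LAN behind the roaming box (constructed value)
    leftsubnet=192.168.1.0/24
    # placeholder for the CentralSite static address (constructed value)
    right=203.0.113.10
    rightsubnet=192.168.2.0/24
    auto=start
    # Dead Peer Detection: probe every dpddelay seconds, declare the
    # peer dead after dpdtimeout seconds of silence (constructed values)
    dpddelay=30
    dpdtimeout=120
    # the client is the side that can always reach the other, so it
    # re-initiates when the peer is declared dead
    dpdaction=restart
    # authentication settings omitted; keep the ones already in use

# --- CentralSite box (static address) ---
# connection name below is hypothetical
conn roaminguser
    left=203.0.113.10
    leftsubnet=192.168.2.0/24
    # assumption: accept the roaming peer from any source address
    right=%any
    rightsubnet=192.168.1.0/24
    # only load the connection; the server never initiates
    auto=add
    dpddelay=30
    dpdtimeout=120
    # drop the stale SA so the client's new address can negotiate afresh
    dpdaction=clear
    # the server cannot rekey towards an address that may have changed
    rekey=no
    # authentication settings omitted; keep the ones already in use
```

With dpdaction=clear the server discards the dead state on its own, which removes the need to restart IPsec at the central site after each address change.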


