[Openswan Users] Tunnel goes down for no reason

Paul Wouters paul at xelerance.com
Tue Sep 11 09:00:23 EDT 2007

On Tue, 11 Sep 2007, Roland Plüss wrote:

> Sep 11 12:53:52 [pluto] "openswan-epserver" #2: STATE_QUICK_I2: sent
> QI2, IPsec SA established {ESP=>**** <**** xfrm=AES_0-HMAC_SHA1
> IPCOMP=>**** <**** NATD=none DPD=enabled}

So DPD is working.

> According to this DPD should be enabled. It's a bit random
> unfortunately. The last two days the tunnel had been up all the time but
> before that it went down and got stuck. Chances are though this is not a DPD
> problem. As mentioned, I have a dynamic IP on one end (for some
> unknown time, maybe I can fix this once) and therefore I had to use a
> URL for this end-point.
> Can it be that OpenSwan chokes if the IP of one peer in an active tunnel
> suddenly changes IP?

Yes, that will not work.

> Should DPD not detect the tunnel failing and do a restart?
> If so is the "URL" IP retrieved again or is it stuck with the old one?

It does a restart, but unfortunately does not do a new DNS lookup at this

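A watchdog for the situation discussed in this thread, where a DPD restart keeps using the old address of a peer that is configured by DNS name. This is an added example, not part of the original message and not Openswan's own code; the host name and state file path are placeholders, and it assumes that `ipsec auto --replace` re-reads the connection so the name is resolved again.

```shell
#!/bin/sh
# Added example: reload an Openswan connection when the peer's DNS name
# starts resolving to a different address. CONN, PEER_HOST and STATE_FILE
# are hypothetical settings supplied through the environment.

# Print the first IPv4 address for a host name, or nothing if lookup fails.
resolve_peer() {
    getent ahostsv4 "$1" 2>/dev/null | awk 'NR==1 { print $1 }'
}

# Decide what to do from the last recorded address and the fresh lookup.
# Prints: skip (lookup failed or not IPv4), record (first run), none, reload.
decide_action() {
    old_ip=$1
    new_ip=$2
    case $new_ip in
        ''|*[!0-9.]*) echo skip; return ;;
    esac
    if [ -z "$old_ip" ]; then echo record
    elif [ "$old_ip" = "$new_ip" ]; then echo none
    else echo reload
    fi
}

# One check: compare, reload the conn if the peer moved, remember the address.
watch_once() {
    conn=$1 host=$2 state=$3
    old_ip=$(cat "$state" 2>/dev/null)
    new_ip=$(resolve_peer "$host")
    action=$(decide_action "$old_ip" "$new_ip")
    case $action in
        reload)
            logger -t ipsec-dnswatch "$host moved $old_ip -> $new_ip, reloading $conn"
            # Keep the old address on failure so the next run retries.
            ipsec auto --replace "$conn" &&
                ipsec auto --asynchronous --up "$conn" &&
                echo "$new_ip" > "$state" ;;
        record) echo "$new_ip" > "$state" ;;
    esac
    echo "$action"
}

# Runs only when configured, e.g. from cron (placeholder host name):
#   CONN=openswan-epserver PEER_HOST=peer.example.net sh dnswatch.sh
if [ -n "${CONN:-}" ] && [ -n "${PEER_HOST:-}" ]; then
    watch_once "$CONN" "$PEER_HOST" "${STATE_FILE:-/var/run/ipsec-dnswatch.$CONN}"
fi
```

A failed lookup yields `skip`, so a DNS outage never tears down a tunnel that is still working.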