[Openswan Users] Problem recovering VPN after losing WAN

Paul Overton paul at trusted-management.com
Fri Oct 15 04:18:04 EDT 2010


Nick,

I would take a closer look at the Draytek....

I have had the same experience with OpenSwan and Draytek a number of
times over the last few years; they generally work better with the
Draytek VPN services with "always on" and "dial out" only selected. Not
ideal but can resolve some of these issues.

Regards Paul

-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Nick Howitt
Sent: 14 October 2010 21:09
To: users at openswan.org
Subject: [Openswan Users] Problem recovering VPN after losing WAN

Hi,
I was on a bug hunt because I've noticed a problem when I lose my WAN.
The symptoms are: the WAN (cable modem or upstream) goes down, the VPN
reconnects but won't route traffic. I got nowhere with this because I
hit something else.

My set up is
PC <--> ClearOS 5.2/Openswan 2.6.29 <--> internet <--> Draytek 2900 with VPN endpoint

The Draytek router calls ClearOS. I have tried with DPD enabled and have
tested with dpdaction = reset and clear and I have tried with DPD
disabled. If I take down the ClearOS WAN with "ifdown eth0" and bring it
back up again, the connection never comes back up again. To bring the
connection back up I must restart ipsec or do an "ipsec auto --replace
MumIn" and the VPN immediately restarts. To me the problem must be at
the ClearOS/Openswan end but I've no idea where to go next with the
troubleshooting.

If it helps my sanitised conf is:

version 2.0

config setup
     interfaces=%defaultroute
     oe=no
     protostack=netkey

conn %default
     type=tunnel
     authby=secret
     keyingtries=%forever
     left=%defaultroute
     leftsubnet=192.168.2.0/24
     leftsourceip=192.168.2.1

conn MumIn
     auto=add
     rekey=no
     right=far.fqdn
     rightsubnet=192.168.10.0/24
     rightid=@FromMum
     dpdtimeout=120
     dpddelay=30
     dpdaction=restart

Can you help?

Thanks,

Nick