[Openswan Users] Problem recovering VPN after losing WAN

Nick Howitt n1ck.h0w1tt at gmail.com
Fri Oct 15 10:18:43 EDT 2010


  Paul,

The Draytek is Always On and Dial Out only. It reconnects as soon as 
Openswan allows it, either by restarting ipsec or reloading the conn. I 
thought the DPD action should take care of it.

Regards,

Nick

On 15/10/2010 09:18, Paul Overton wrote:
> Nick,
>
> I would take a closer look at the Draytek....
>
> I have had the same experience with OpenSwan and Draytek a number of
> times over the last few years, they generally work better with the
> Draytek VPN services with "always on" and "dial out" only selected. Not
> ideal but can resolve some of these issues.
>
> Regards Paul
>
> -----Original Message-----
> From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
> Behalf Of Nick Howitt
> Sent: 14 October 2010 21:09
> To: users at openswan.org
> Subject: [Openswan Users] Problem recovering VPN after losing WAN
>
> Hi,
> I was on a bug hunt because I've noticed a problem when I lose my WAN.
> The symptoms are: the WAN (cable modem or upstream) goes down, the VPN
> reconnects but won't route traffic. I got nowhere with this because I
> hit something else.
>
> My setup is:
> PC <--> ClearOS 5.2/Openswan 2.6.29 <--> internet <--> Draytek 2900 with VPN endpoint
>
> The Draytek router calls ClearOS. I have tried with DPD enabled and have
> tested with dpdaction = reset and clear and I have tried with DPD
> disabled. If I take down the ClearOS WAN with "ifdown eth0" and bring it
> back up again, the connection never comes back up again. To bring the
> connection back up I must restart ipsec or do an "ipsec auto --replace
> MumIn" and the VPN immediately restarts. To me the problem must be at
> the ClearOS/Openswan end but I've no idea where to go next with the
> troubleshooting.
>
> If it helps my sanitised conf is:
>
> version 2.0
>
> config setup
>       interfaces=%defaultroute
>       oe=no
>       protostack=netkey
>
> conn %default
>       type=tunnel
>       authby=secret
>       keyingtries=%forever
>       left=%defaultroute
>       leftsubnet=192.168.2.0/24
>       leftsourceip=192.168.2.1
>
> conn MumIn
>       auto=add
>       rekey=no
>       right=far.fqdn
>       rightsubnet=192.168.10.0/24
>       rightid=@FromMum
>       dpdtimeout=120
>       dpddelay=30
>       dpdaction=restart
>
> Can you help?
>
> Thanks,
>
> Nick