[Openswan Users] Dynamic DNS and multiple Road Warrior tunnel problem
Curu Wong
prinbra at gmail.com
Mon Jul 11 01:28:28 EDT 2011
Dear all,
I am using Openswan 2.6.33 on CentOS 5 and have two tunnel definitions.
Here's an excerpt from gw2:
conn gw1-gw2:
    right=mygw1xx.dyndns.org
    ...
conn l2tp-x509:
    right=%any
I think the other parts of the configuration are not related to my problem,
so I have not included them here.
And here's the problem I am facing. My gw1 connects to the Internet with
ADSL, which changes its IP address regularly. I have set up gw1 to restart
the ipsec service every time its IP changes.
However, the restart doesn't seem to solve the problem. From /var/log/secure,
I noticed that when gw1's IP changes, all its connections are then
processed by the l2tp-x509 connection, which will definitely fail. As a
result, the tunnel between gw1 and gw2 can't be established again unless I
restart the ipsec service on gw2 manually.
I have also tried setting both conns' right to %any, which then works
fine. However, all incoming ipsec negotiations are first processed by conn
gw1-gw2; if that fails, they are then processed by conn l2tp-x509 and succeed.
But I don't like this, because many of my ipsec connections will come from
road warriors, not gw1.
Can anyone please tell me if my configuration is bad? Or how can I fix this
problem elegantly?
Many thanks!