[Openswan Users] Question on DPD

Nick Howitt n1ck.h0w1tt at gmail.com
Tue Nov 22 13:09:28 EST 2011


Paul,

I have not checked that it has or has not worked recently as the remote 
end has not changed IP address for over a year now. I need to think of a 
way of forcing it, but I'm not sure how to, bar going there and changing 
the MAC address in the router and power-cycling the cable modem. I know 
it did not work in the past but was not aware that the dpdaction 
behaviour had changed. I guess I'll just have to wait and see.

Regards,

Nick

On 22/11/2011 17:11, Paul Wouters wrote:
> On Tue, 22 Nov 2011, Nick Howitt wrote:
>
>> I have a conn with the far end on a (not very) dynamic IP which I know
>> is not ideal. I would like to initiate the conn from my end so I have
>> "right=far.end.fqdn" which is fine and works until the far IP changes.
>> If the far IP changes I don't think using dpdaction=restart will
>> re-evaluate the fqdn. Is this correct? If that is the case do I need a
>> watching script to detect when a change of IP happens? ipsec.secrets is
>> fine as I use @rightid.
>
> In modern versions with the USE_DYNAMICDNS enabled (the default) it should
> do that. Are you sure the configured DNS server is not behind the tunnel
> that just died?
>
> Paul

