[Openswan Users] DPD kills Openswan?

Nick Howitt n1ck.h0w1tt at gmail.com
Fri Jul 13 09:35:29 EDT 2012


A few days ago I lost my internet connection. Once I restored it I 
noticed Openswan had exited. I had a brief look at the log then 
restarted ipsec, but unfortunately because I use the plutostderrlog for 
my log, it got overwritten on restart. What I saw in the log was a 
message to say an FQDN did not resolve so ipsec terminated. I have the 
following key bits in my setup:
right = an.FQDN
dpdaction = restart_by_peer

in ipsec.secrets:
@leftid an.FQDN : PSK "blabblah"

The reason I am using an FQDN is because DrayTek in their wisdom removed 
the ability to transmit a text Local ID (Openswan rightid) when using 
Main Mode with their more recent routers (but they have accepted a 
change request). The DrayTek is on a (not very) dynamic IP.

I believe dpd kicked in and tried to reload the conn and secrets, failed 
to resolve the FQDN then gave up and exited. If this is so, it is not a 
particularly friendly way of operating as your tunnels will not come 
back up automatically when your internet connection is restored.

I don't know if it is the FQDN in the conn or ipsec.secrets or both 
which is causing ipsec to exit. Would it be better for DPD to keep 
looping until the connection was restored?
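An added example, not code from the post or from Openswan: a small watchdog script that works around the behaviour described above by restarting ipsec only once the peer name resolves again, instead of leaving the tunnel down after pluto exits. It assumes an.FQDN is a placeholder for the real peer name, that the Openswan `ipsec status` command exits non-zero when pluto is not running, and that `ipsec restart` brings it back; the getent resolver check is the same system resolver pluto would use.

```shell
#!/bin/sh
# Watchdog for the failure in the post: pluto exits when right=an.FQDN cannot
# be resolved during a DPD-triggered restart and nothing revives it later.
# This waits for the name to resolve again before restarting ipsec.
# Assumptions: PEER_FQDN placeholder; `ipsec status` / `ipsec restart`
# behave as described in the lead-in.

PEER_FQDN="${PEER_FQDN:-an.FQDN}"    # placeholder from the post; set the real peer
POLL_SECS="${POLL_SECS:-30}"         # how often to check that pluto is alive
RESOLVE_TRIES="${RESOLVE_TRIES:-20}" # resolution attempts before logging and retrying
RESOLVE_DELAY="${RESOLVE_DELAY:-15}" # seconds between resolution attempts

# Exit 0 if the name resolves via the system resolver (same one pluto uses).
fqdn_resolves() {
    getent hosts "$1" >/dev/null 2>&1
}

# Exit 0 if pluto answers; assumed to be non-zero once pluto has exited.
pluto_running() {
    ipsec status >/dev/null 2>&1
}

# Run the command "$@" until it succeeds: at most $1 attempts, $2 seconds
# apart.  Returns 0 on the first success, 1 if every attempt failed.
retry_until() {
    max=$1; delay=$2; shift 2
    n=0
    while [ "$n" -lt "$max" ]; do
        if "$@"; then return 0; fi
        n=$((n + 1))
        if [ "$n" -lt "$max" ]; then sleep "$delay"; fi
    done
    return 1
}

# Main loop: when pluto is gone, wait for DNS to come back, then restart once.
watchdog_loop() {
    while :; do
        if ! pluto_running; then
            if retry_until "$RESOLVE_TRIES" "$RESOLVE_DELAY" fqdn_resolves "$PEER_FQDN"; then
                logger -t ipsec-watchdog "$PEER_FQDN resolves again; restarting ipsec"
                ipsec restart
            else
                logger -t ipsec-watchdog "$PEER_FQDN still unresolvable; waiting"
            fi
        fi
        sleep "$POLL_SECS"
    done
}

# Only start the loop when invoked as `sh watchdog.sh --run` (e.g. from init).
if [ "${1:-}" = "--run" ]; then watchdog_loop; fi
```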
