[Openswan Users] DPD kills Openswan?
Nick Howitt
n1ck.h0w1tt at gmail.com
Fri Jul 13 09:35:29 EDT 2012
Hi,
A few days ago I lost my internet connection. Once I restored it I
noticed Openswan had exited. I had a brief look at the log then
restarted ipsec, but unfortunately because I use the plutostderrlog for
my log, it got overwritten on restart. What I saw in the log was a
message to say an FQDN did not resolve so ipsec terminated. I have the
following key bits in my setup:
right = an.FQDN
dpdaction = restart_by_peer
in ipsec.secrets:
@leftid an.FQDN : PSK "blabblah"
The reason I am using an FQDN is because DrayTek in their wisdom removed
the ability to transmit a text Local ID (Openswan rightid) when using
Main Mode with their more recent routers (but they have accepted a
change request). The DrayTek is on a (not very) dynamic IP.
I believe DPD kicked in and tried to reload the conn and secrets, failed
to resolve the FQDN then gave up and exited. If this is so, it is not a
particularly friendly way of operating as your tunnels will not come
back up automatically when your internet connection is restored.
I don't know if it is the FQDN in the conn or ipsec.secrets or both
which is causing ipsec to exit. Would it be better for DPD to keep
looping until the connection was restored?
Regards,
Nick
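A mitigation for the scenario described above, added here as an example and not part of the original thread or of Openswan itself: a small POSIX sh watchdog that, when pluto is gone, first copies the plutostderrlog aside so a restart does not overwrite the evidence, then waits until the peer's FQDN resolves before running `ipsec restart`. The log path, the pid-file path and `an.FQDN` are placeholders/assumptions.

```shell
#!/bin/sh
# Watchdog for the failure mode in the post: pluto has exited after a DPD
# restart found the peer FQDN unresolvable. Rather than restarting blindly
# (which overwrites plutostderrlog and fails again while DNS is still down),
# keep a copy of the log and wait for the name to resolve before restarting.
# PEER_FQDN, PLUTO_LOG and PLUTO_PID are assumptions for this example.

PEER_FQDN="${PEER_FQDN:-an.FQDN}"                  # placeholder from the post
PLUTO_LOG="${PLUTO_LOG:-/var/log/pluto.log}"       # assumed plutostderrlog path
PLUTO_PID="${PLUTO_PID:-/var/run/pluto/pluto.pid}" # assumed pid-file path

# Save the current plutostderrlog under a timestamped name so the record of
# why pluto exited survives the restart. Prints the saved path.
preserve_log() {
    log="$1"
    [ -s "$log" ] || return 1
    saved="${log}.$(date +%Y%m%d-%H%M%S)"
    cp -p "$log" "$saved" && printf '%s\n' "$saved"
}

# True if the system resolver can currently turn the name into an address.
fqdn_resolves() {
    getent hosts "$1" >/dev/null 2>&1
}

# Poll until the name resolves: at most $2 attempts, $3 seconds apart.
wait_for_fqdn() {
    name="$1"; tries="$2"; delay="$3"
    while [ "$tries" -gt 0 ]; do
        if fqdn_resolves "$name"; then return 0; fi
        tries=$((tries - 1))
        if [ "$tries" -gt 0 ]; then sleep "$delay"; fi
    done
    return 1
}

# True if a pluto process is alive according to the given pid file.
pluto_running() {
    [ -r "$1" ] && kill -0 "$(cat "$1")" 2>/dev/null
}

main() {
    if pluto_running "$PLUTO_PID"; then return 0; fi   # nothing to do
    preserve_log "$PLUTO_LOG" || echo "no plutostderrlog to preserve" >&2
    # 120 attempts 30 s apart: wait up to an hour for the link to return.
    wait_for_fqdn "$PEER_FQDN" 120 30 || { echo "still cannot resolve $PEER_FQDN" >&2; return 1; }
    ipsec restart
}

if [ "${1:-}" = "--run" ]; then main; fi
```

Run it from cron as `watchdog.sh --run`; sourcing the file without `--run` only defines the functions.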