[Openswan Users] DPD kills Openswan?
n1ck.h0w1tt at gmail.com
Fri Jul 13 09:35:29 EDT 2012
A few days ago I lost my internet connection. Once I restored it, I
noticed Openswan had exited. I had a brief look at the log, then
restarted ipsec, but unfortunately, because I use plutostderrlog for
my log, it got overwritten on restart. What I saw in the log was a
message saying an FQDN did not resolve, so ipsec terminated. I have the
following key bits in my setup:
right = an.FQDN
dpdaction = restart_by_peer
@leftid an.FQDN : PSK "blabblah"
The reason I am using an FQDN is because DrayTek in their wisdom removed
the ability to transmit a text Local ID (Openswan rightid) when using
Main Mode with their more recent routers (but they have accepted a
change request). The DrayTek is on a (not very) dynamic IP.
I believe dpd kicked in and tried to reload the conn and secrets, failed
to resolve the FQDN then gave up and exited. If this is so, it is not a
particularly friendly way of operating as your tunnels will not come
back up automatically when your internet connection is restored.
I don't know if it is the FQDN in the conn or ipsec.secrets or both
which is causing ipsec to exit. Would it be better for DPD to keep
looping until the connection was restored?
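One way to get the "keep looping until the connection is restored" behaviour the post asks about, as an added example that is not part of the original post and not Openswan's own DPD logic: a small watchdog that notices pluto has exited, keeps retrying resolution of the peer FQDN, and only runs `ipsec restart` once the name resolves again. The helper names, the retry counts and the `an.FQDN` placeholder are assumptions for the example; it relies on `getent` and the standard `ipsec status` / `ipsec restart` commands.

```shell
#!/bin/sh
# Added example (not from the original post or from Openswan): a watchdog
# that retries FQDN resolution and restarts ipsec only once the peer name
# resolves, so a transient link or DNS outage does not leave pluto dead.
# Assumptions: getent is available, `ipsec status`/`ipsec restart` are the
# usual Openswan commands, and the FQDN and retry parameters are placeholders.

# wait_for_fqdn NAME [ATTEMPTS] [DELAY]
# Return 0 as soon as NAME resolves, 1 after ATTEMPTS tries DELAY seconds apart.
wait_for_fqdn() {
    fqdn=$1
    attempts=${2:-60}
    delay=${3:-10}
    i=0
    while [ "$i" -lt "$attempts" ]; do
        if getent hosts "$fqdn" >/dev/null 2>&1; then
            return 0
        fi
        i=$((i + 1))
        # Sleep between tries, but not after the last failed one.
        [ "$i" -lt "$attempts" ] && sleep "$delay"
    done
    return 1
}

# Return 0 when pluto is not running (the situation described in the post).
pluto_is_down() {
    ! ipsec status >/dev/null 2>&1
}

# restart_when_resolvable PEER_FQDN
# If pluto has exited, wait until PEER_FQDN resolves, then restart ipsec.
# Returns 1 (without restarting) if the name never resolves within the window.
restart_when_resolvable() {
    peer=$1
    if pluto_is_down; then
        if wait_for_fqdn "$peer" 360 10; then
            ipsec restart
        else
            echo "$peer still does not resolve; not restarting ipsec" >&2
            return 1
        fi
    fi
    return 0
}

# Run the watchdog only when explicitly requested (for example from cron with
# RUN_IPSEC_WATCHDOG=1), so that sourcing this file does not touch a live
# ipsec installation.
if [ "${RUN_IPSEC_WATCHDOG:-}" = 1 ]; then
    restart_when_resolvable "${PEER_FQDN:-an.FQDN}"
fi
```

Running this from cron every few minutes gives the retry loop the post wishes DPD had, without changing pluto itself; the 360 x 10 s window is an arbitrary hour and should be tuned to how long the DrayTek's DNS entry realistically takes to come back.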