[Openswan Users] DDNS can not work
Ozai
ozai.tien at gmail.com
Fri Jul 27 06:55:52 EDT 2012
Dear Sirs,
I tested Openswan with the DDNS feature. The test environment is as below.
The left side is the DDNS hostname. The first time, the tunnel works
smoothly. But if the IP address of the hostname is changed by DDNS, openswan2
always seems to use the old IP address to make the connection. It does not seem to
change the IP address automatically to make the connection. Do you have any
suggestion on it? Thanks.
192.168.1.x-------openswan1 with DDNS----------openswan2-----------192.168.2.x
Best Regards,
Ozai
#
# cat ipsec.conf
config setup
nat_traversal=no
oe=off
protostack=netkey
interfaces=%defaultroute
conn test
left=1.169.145.217
leftsubnet=192.168.2.0/24
rightsubnet=192.168.1.0/24
connaddrfamily=ipv4
right=aaa.bbb.ccc
leftid=2.2.2.2
rightid=1.1.1.1
keyexchange=ike
ike=3des-md5;modp1024!
salifetime=480m
phase2=esp
phase2alg=3des-hmac_md5!
pfs=no
ikelifetime=60m
dpdaction=restart
dpddelay=180
dpdtimeout=5
type=tunnel
authby=secret
aggrmode=yes
auto=add
# cat ipsec.secrets
2.2.2.2 1.1.1.1 : PSK "12345"
#
#
# ipsec auto --status
000 using kernel interface: netkey
000 interface lo/lo ::1
000 interface br0/br0 2001:b010:7030:f801:204:edff:fe78:5678
000 interface ppp0.1/ppp0.1 2001:b010:7030:f800:951f:147d:d5d6:2361
000 interface lo/lo 127.0.0.1
000 interface br0/br0 192.168.2.254
000 interface ppp0.1/ppp0.1 1.169.145.217
000 %myid = (none)
000 debug none
000
000 virtual_private (%priv):
000 - allowed 0 subnets:
000 - disallowed 0 subnets:
000 WARNING: Either virtual_private= is not specified, or there is a syntax error in that line. 'left/rightsubnet=vhost:%priv' will not work!
000 WARNING: Disallowed subnets in virtual_private= is empty. If you have private address space in internal use, it should be excluded!
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=251, name=AUTH_ALGORITHM_NULL_KAME, keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024
000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048
000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000 "test": 192.168.2.0/24===1.169.145.217<1.169.145.217>[2.2.2.2]...1.171.252.236<aaa.bbb.ccc>[1.1.1.1]===192.168.1.0/24; prospective erouted; eroute owner: #0
000 "test": myip=unset; hisip=unset;
000 "test": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "test": policy: PSK+ENCRYPT+TUNNEL+AGGRESSIVE+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 24,24; interface: ppp0.1;
000 "test": dpd: action:restart; delay:180; timeout:5;
000 "test": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "test": IKE algorithms wanted: 3DES_CBC(5)_000-MD5(1)_000-MODP1024(2); flags=strict
000 "test": IKE algorithms found: 3DES_CBC(5)_192-MD5(1)_128-MODP1024(2)
000 "test": ESP algorithms wanted: 3DES(3)_000-MD5(1)_000; flags=strict
000 "test": ESP algorithms loaded: 3DES(3)_192-MD5(1)_128
000
000 #6: "test":500 STATE_AGGR_I1 (sent AI1, expecting AR1); EVENT_RETRANSMIT in 2s; nodpd; idle; import:respond to stranger
000 #6: pending Phase 2 for "test" replacing #2
<error messages>-----------------------------------------------------------------------------------------------
Jan 1 00:44:11 authpriv warn pluto[7794]: ERROR: asynchronous network error
report on ppp0.1 (sport=500) for message to 1.171.252.236 port 500,
complainant 1.171.252.236: Connection refused [errno 146, origin ICMP type 3
code 3 (not authenti
Jan 1 00:44:16 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
initial Aggressive Mode message from 1.161.41.98 but no (wildcard)
connection has been configured with policy=PSK+AGGRESSIVE
Jan 1 00:44:36 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
received Vendor ID payload [Dead Peer Detection]
Jan 1 00:44:36 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
initial Aggressive Mode message from 1.161.41.98 but no (wildcard)
connection has been configured with policy=PSK+AGGRESSIVE
Jan 1 00:44:51 authpriv warn pluto[7794]: "test" #4: max number of
retransmissions (5) reached STATE_AGGR_I1
Jan 1 00:44:51 authpriv warn pluto[7794]: "test" #4: starting keying
attempt 3 of an unlimited number
Jan 1 00:44:51 authpriv warn pluto[7794]: "test" #5: initiating Aggressive
Mode #5 to replace #4, connection "test"
Jan 1 00:44:51 authpriv warn pluto[7794]: ERROR: asynchronous network error
report on ppp0.1 (sport=500) for message to 1.171.252.236 port 500,
complainant 1.171.252.236: Connection refused [errno 146, origin ICMP type 3
code 3 (not authenti
Jan 1 00:45:16 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
received Vendor ID payload [Dead Peer Detection]
Jan 1 00:45:16 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
initial Aggressive Mode message from 1.161.41.98 but no (wildcard)
connection has been configured with policy=PSK+AGGRESSIVE
Jan 1 00:45:21 authpriv warn pluto[7794]: ERROR: asynchronous network error
report on ppp0.1 (sport=500) for message to 1.171.252.236 port 500,
complainant 1.171.252.236: Connection refused [errno 146, origin ICMP type 3
code 3 (not authenti
Jan 1 00:45:56 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
initial Aggressive Mode message from 1.161.41.98 but no (wildcard)
connection has been configured with policy=PSK+AGGRESSIVE
Jan 1 00:46:01 authpriv warn pluto[7794]: ERROR: asynchronous network error
report on ppp0.1 (sport=500) for message to 1.171.252.236 port 500,
complainant 1.171.252.236: Connection refused [errno 146, origin ICMP type 3
code 3 (not authenti
Jan 1 00:46:06 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
initial Aggressive Mode message from 1.161.41.98 but no (wildcard)
connection has been configured with policy=PSK+AGGRESSIVE
Jan 1 00:46:16 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
received Vendor ID payload [Dead Peer Detection]
Jan 1 00:46:16 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
initial Aggressive Mode message from 1.161.41.98 but no (wildcard)
connection has been configured with policy=PSK+AGGRESSIVE
Jan 1 00:46:36 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
received Vendor ID payload [Dead Peer Detection]
Jan 1 00:46:36 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
initial Aggressive Mode message from 1.161.41.98 but no (wildcard)
connection has been configured with policy=PSK+AGGRESSIVE
Jan 1 00:46:41 authpriv warn pluto[7794]: ERROR: asynchronous network error
report on ppp0.1 (sport=500) for message to 1.171.252.236 port 500,
complainant 1.171.252.236: Connection refused [errno 146, origin ICMP type 3
code 3 (not authenti
Jan 1 00:47:16 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
initial Aggressive Mode message from 1.161.41.98 but no (wildcard)
connection has been configured with policy=PSK+AGGRESSIVE
Jan 1 00:47:21 authpriv warn pluto[7794]: ERROR: asynchronous network error
report on ppp0.1 (sport=500) for message to 1.171.252.236 port 500,
complainant 1.171.252.236: Connection refused [errno 146, origin ICMP type 3
code 3 (not authenti
Jan 1 00:47:56 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
initial Aggressive Mode message from 1.161.41.98 but no (wildcard)
connection has been configured with policy=PSK+AGGRESSIVE
Jan 1 00:48:01 authpriv warn pluto[7794]: "test" #5: max number of
retransmissions (5) reached STATE_AGGR_I1
Jan 1 00:48:01 authpriv warn pluto[7794]: "test" #5: starting keying
attempt 4 of an unlimited number
Jan 1 00:48:01 authpriv warn pluto[7794]: "test" #6: initiating Aggressive
Mode #6 to replace #5, connection "test"
Jan 1 00:48:01 authpriv warn pluto[7794]: ERROR: asynchronous network error
report on ppp0.1 (sport=500) for message to 1.171.252.236 port 500,
complainant 1.171.252.236: Connection refused [errno 146, origin ICMP type 3
code 3 (not authenti
Jan 1 00:48:06 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
initial Aggressive Mode message from 1.161.41.98 but no (wildcard)
connection has been configured with policy=PSK+AGGRESSIVE
Jan 1 00:48:11 authpriv warn pluto[7794]: ERROR: asynchronous network error
report on ppp0.1 (sport=500) for message to 1.171.252.236 port 500,
complainant 1.171.252.236: Connection refused [errno 146, origin ICMP type 3
code 3 (not authenti
Jan 1 00:48:16 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
initial Aggressive Mode message from 1.161.41.98 but no (wildcard)
connection has been configured with policy=PSK+AGGRESSIVE
Jan 1 00:48:31 authpriv warn pluto[7794]: ERROR: asynchronous network error
report on ppp0.1 (sport=500) for message to 1.171.252.236 port 500,
complainant 1.171.252.236: Connection refused [errno 146, origin ICMP type 3
code 3 (not authenti
Jan 1 00:48:36 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
initial Aggressive Mode message from 1.161.41.98 but no (wildcard)
connection has been configured with policy=PSK+AGGRESSIVE
Jan 1 00:49:11 authpriv warn pluto[7794]: ERROR: asynchronous network error
report on ppp0.1 (sport=500) for message to 1.171.252.236 port 500,
complainant 1.171.252.236: Connection refused [errno 146, origin ICMP type 3
code 3 (not authenti
Jan 1 00:49:16 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
initial Aggressive Mode message from 1.161.41.98 but no (wildcard)
connection has been configured with policy=PSK+AGGRESSIVE
Jan 1 00:49:51 authpriv warn pluto[7794]: ERROR: asynchronous network error
report on ppp0.1 (sport=500) for message to 1.171.252.236 port 500,
complainant 1.171.252.236: Connection refused [errno 146, origin ICMP type 3
code 3 (not authenti
Jan 1 00:49:56 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
initial Aggressive Mode message from 1.161.41.98 but no (wildcard)
connection has been configured with policy=PSK+AGGRESSIVE
Jan 1 00:50:06 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
received Vendor ID payload [Dead Peer Detection]
Jan 1 00:50:06 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
initial Aggressive Mode message from 1.161.41.98 but no (wildcard)
connection has been configured with policy=PSK+AGGRESSIVE
Jan 1 00:50:16 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
received Vendor ID payload [Dead Peer Detection]
Jan 1 00:50:16 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
initial Aggressive Mode message from 1.161.41.98 but no (wildcard)
connection has been configured with policy=PSK+AGGRESSIVE
Jan 1 00:50:31 authpriv warn pluto[7794]: ERROR: asynchronous network error
report on ppp0.1 (sport=500) for message to 1.171.252.236 port 500,
complainant 1.171.252.236: Connection refused [errno 146, origin ICMP type 3
code 3 (not authenti
Jan 1 00:50:36 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
initial Aggressive Mode message from 1.161.41.98 but no (wildcard)
connection has been configured with policy=PSK+AGGRESSIVE
Jan 1 00:51:11 authpriv warn pluto[7794]: "test" #6: max number of
retransmissions (5) reached STATE_AGGR_I1
Jan 1 00:51:11 authpriv warn pluto[7794]: "test" #6: starting keying
attempt 5 of an unlimited number
Jan 1 00:51:11 authpriv warn pluto[7794]: "test" #7: initiating Aggressive
Mode #7 to replace #6, connection "test"
Jan 1 00:51:11 authpriv warn pluto[7794]: ERROR: asynchronous network error
report on ppp0.1 (sport=500) for message to 1.171.252.236 port 500,
complainant 1.171.252.236: Connection refused [errno 146, origin ICMP type 3
code 3 (not authenti
Jan 1 00:51:16 authpriv warn pluto[7794]: packet from 1.161.41.98:500:
initial Aggressive Mode message from 1.161.41.98 but no (wildcard)
connection has been configured with policy=PSK+AGGRESSIVE
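The status output above shows pluto still holding 1.171.252.236 for the peer and retransmitting to it (and getting ICMP port-unreachable back), while inbound Aggressive Mode packets from 1.161.41.98 are rejected because no configured connection matches that address. dpdaction=restart only re-initiates to the address pluto already resolved when the conn was added; it does not look the hostname up again. The script below is an added example, not part of the original post or of Openswan: a small watcher, meant to run from cron on openswan2, that parses `ipsec auto --status`, resolves the right= hostname again, and, only when resolution succeeded and the answer differs, runs `ipsec auto --replace` (delete plus add, which makes pluto re-resolve) followed by `ipsec auto --up`. The conn name `test` and the placeholder hostname `aaa.bbb.ccc` come from the post; the use of `getent` for resolution, `logger` for syslog, and cron as the scheduler are assumptions.

```shell
#!/bin/sh
# ddns-peer-watch.sh: added example, not part of the original post or of Openswan.
# Re-adds an Openswan connection when the DDNS hostname on its right= side
# no longer resolves to the address pluto is still trying to reach.
# Assumptions (not from the post): getent is available for resolution,
# logger for syslog, and cron runs this every few minutes. CONN and
# PEER_HOST default to the values in the post.

CONN="${CONN:-test}"
PEER_HOST="${PEER_HOST:-aaa.bbb.ccc}"   # placeholder hostname from the post

# Connection line from the post's `ipsec auto --status` (wrap rejoined),
# kept here so the parser can be exercised without pluto running.
SAMPLE_STATUS='000 "test": 192.168.2.0/24===1.169.145.217<1.169.145.217>[2.2.2.2]...1.171.252.236<aaa.bbb.ccc>[1.1.1.1]===192.168.1.0/24; prospective erouted; eroute owner: #0'

# Read `ipsec auto --status` on stdin and print the address pluto currently
# holds for the peer of conn $1: the dotted quad after "..." and before "<".
# Prints nothing if no line for that conn is present.
peer_ip_from_status() {
    sed -n "s/^000 \"$1\": .*\.\.\.\([0-9.][0-9.]*\)<.*/\1/p" | head -n 1
}

# Resolve a hostname to its first IPv4 address; empty string on failure.
# (getent ahostsv4 is glibc; a BusyBox-only box needs another resolver here.)
resolve_host() {
    getent ahostsv4 "$1" 2>/dev/null | awk '{ print $1; exit }'
}

# Decide whether to reload: only when resolution produced an address and it
# differs from what pluto has. An empty answer (DNS outage) must never tear
# down a tunnel that is still working.
needs_reload() {
    [ -n "$2" ] && [ "$2" != "$1" ]
}

# One check cycle. --replace is delete+add, so pluto re-resolves right=;
# because the post's conn uses auto=add and this side initiates, --up follows.
check_once() {
    current=$(ipsec auto --status | peer_ip_from_status "$CONN")
    resolved=$(resolve_host "$PEER_HOST")
    if needs_reload "$current" "$resolved"; then
        logger -t ddns-peer-watch \
            "$PEER_HOST moved ${current:-unknown} -> $resolved; replacing conn $CONN"
        ipsec auto --replace "$CONN" && ipsec auto --up "$CONN"
    fi
}

# Offline demonstration of the parser against the post's status line.
demo() {
    printf '%s\n' "$SAMPLE_STATUS" | peer_ip_from_status test
}

case "${1:-}" in
    check) check_once ;;
    demo)  demo ;;
esac
```

Run `sh ddns-peer-watch.sh demo` to confirm the parser extracts 1.171.252.236 from the post's status line, then install `sh /path/ddns-peer-watch.sh check` as a cron job at an interval shorter than the DDNS TTL. The empty-answer guard in `needs_reload` is the part worth keeping whatever resolver is swapped in: a transient DNS failure should leave the existing SA alone rather than trigger a replace.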