[Openswan Users] Routing Issue
Luis Nagaki
luis.nagaki at gmail.com
Tue Jun 5 19:43:15 EDT 2012
I actually found a site that had a howto for an iPhone setup, which is
not what I want, but I followed it and still nothing works.
In my vpnclient.conf file, on the client and server side, I have
dpdaction=restart_by_peer b/c I have auto=start.
When I reboot or restart the service on the client side, the routes
are gone. It's not until I restart the service on the server that the
routes come back =|.. I'm ALMOST there.. just need to fix this one
thing.
On Tue, Jun 5, 2012 at 7:18 PM, David McCullough
<david_mccullough at mcafee.com> wrote:
> Jivin Luis Nagaki lays it down ...
>> How do I turn it on? I've looked around for this option w/ no luck :/
>
> You need to set "dpdaction" to restart_by_peer for any end-points
> with "auto = start", and set it to "clear" for any with "auto = add".
>
> The basic idea is that if the end point you are configuring knows the IP
> address of the remote end point, then you want restart_by_peer, otherwise
> you want clear.
>
> You can change the timeouts for DPD if you want but I would just go with
> the defaults for now, see here:
>
> http://linux.die.net/man/5/ipsec.conf
>
> Look for dpddelay, dpdtimeout and dpdaction.
>
> Cheers,
> Davidm
>
>>
>>
>>
>> On Jun 5, 2012, at 6:54 PM, David McCullough
>> <david_mccullough at mcafee.com> wrote:
>>
>> >
>> > Jivin Luis Nagaki lays it down ...
>> >> Ok everything is working..
>> >>
>> >> But.. final thing..
>> >>
>> >> If I have the clients connected, and I reboot a client... once it
>> >> comes back online the tunnel is created, I can ping the VPN Server
>> >> internally. BUT I cannot ping the client UNLESS I restart the ipsec
>> >> service. I don't want to do this every time I lose a connection etc.
>> >
>> > Do you have dead peer detection enabled? If not, that should solve it for
>> > you,
>> >
>> > Cheers,
>> > Davidm
>> >
>> > --
>> > David McCullough, david_mccullough at mcafee.com, Ph:+61 734352815
>> > McAfee - SnapGear http://www.mcafee.com http://www.uCdot.org
>>
>>
>
> --
> David McCullough, david_mccullough at mcafee.com, Ph:+61 734352815
> McAfee - SnapGear http://www.mcafee.com http://www.uCdot.org
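
Added example, not part of the original thread and not Openswan tooling: a small Python check that applies the rule of thumb quoted above (dpdaction=restart_by_peer for conns with auto=start, dpdaction=clear for conns with auto=add) to ipsec.conf text, including settings inherited from conn %default. The sample config and conn names are constructed; the parser is a simplification that handles conn sections and # comments only, not also= or include.

```python
EXPECTED = {"start": "restart_by_peer", "add": "clear"}  # thread's rule: auto= -> dpdaction=

def parse_conns(text):
    """Return {conn_name: {key: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # section header starts at column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def check_dpd(text):
    """Return (conn, auto, dpdaction, expected) for every conn breaking the rule."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})
    findings = []
    for name, opts in conns.items():
        merged = {**defaults, **opts}             # conn settings override %default
        want = EXPECTED.get(merged.get("auto"))   # None: rule says nothing for this auto=
        if want and merged.get("dpdaction") != want:
            findings.append((name, merged["auto"], merged.get("dpdaction"), want))
    return findings

# Constructed sample config (hypothetical conn names), for illustration only.
SAMPLE = """\
conn %default
    dpdaction=clear

conn site-to-hq            # peer address known, we initiate
    auto=start
    dpdaction=restart_by_peer

conn roadwarriors          # peers arrive from unknown addresses
    right=%any
    auto=add

conn branch                # inherits dpdaction=clear from %default
    auto=start
"""

if __name__ == "__main__":
    for name, auto, got, want in check_dpd(SAMPLE):
        print(f"conn {name}: auto={auto} dpdaction={got}, expected {want}")
```

A dpdaction of None in a finding means the option is not set anywhere in the file for that conn.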