[Openswan Users] Openswan xl2tpd option to delete ipsec conn if pppd goes down

Paul Wouters paul at nohats.ca
Mon Mar 19 09:03:54 EDT 2012


On Sat, 17 Mar 2012, Sven Schiwek wrote:

> is there an option to immediately delete the ipsec connection if the xl2tpd pppd goes down (because of pppd DPD)?

You could attempt something in ppp.down scripts, but it is tricky to
delete the right instance of the tunnel, and it should not be needed.

> I have the problem that sometimes pppd goes down because of a bad internet connection (~2 min. downtime) but the ipsec connection remains up until ipsec DPD recognizes that the connection is dead. I have a dpddelay=40 and a dpdtimeout=70 in ipsec.conf (2.6.37).

You can try setting shorter values, though if your internet connection
is bad, there is not much we can do to make it better.

> It seems that the pppd DPD and/or the xl2tpd DPD drops the connection faster than ipsec DPD. For the pppd I configured (but with no effect):
> lcp-echo-interval 10
> lcp-echo-failure 24

The ppp link should fail with their echos as soon as your internet
connection is down, whether the ipsec tunnel is up or not. So I am not
sure how to make this better for you if pppd isn't honouring the fact
that it gets no echo replies.

Paul

