From svogl at vodata.de Sun Feb 21 11:48:06 2021
From: svogl at vodata.de (Siegfried Vogl)
Date: Sun, 21 Feb 2021 12:48:06 +0100
Subject: [Openswan Users] Dynamically attached interfaces
Message-ID: <61a8382d-a50a-110a-634f-660481a75d5f@vodata.de>

Hello,


Linux Openswan U2.6.52.1/K4.14.214 on an embedded system.

I'm a bit confused because I always thought that openswan
automatically recognizes interfaces that are added at runtime or whose
ip address changes dynamically.

Now I have the following issue:
- pluto has started.

- "networkd" from "systemd" (version 246) is used as the network
daemon. I cannot use the NetworkManager.

- An OTA connection is started via the command line interface of the
ModemManager ("mmcli -m --simple-connect=..."), which creates
the interface "wwan0".


Openswan does not set up a listener on this interface. Only an "ipsec
whack --listen" makes the interface known to Pluto. The disadvantage
here is that tunnels that are active on other interfaces are then
obviously terminated.
Even if the wwan0 interface is already known to Pluto, but changes its
IP due to a new connection, this is not recognized by Pluto. When
starting a tunnel, this then leads to a routing problem in Pluto
because it does not recognize the new network.
I am now wondering whether this is due to the use of the "systemd
networkd"?

Workarounds:
- Does anyone know of a command to specifically add or remove an
interface for the listener? I don't know anyone.
- Let Pluto listen on a bridge interface and add the wwan to the
bridge during runtime, or delete it.

By the way, the problem is not limited to OTA. I have the same problem
on a LAN DHCP interface.

I would be grateful for any advice.

Siegfried

From svogl at vodata.de Sun Feb 21 16:14:20 2021
From: svogl at vodata.de (Siegfried Vogl)
Date: Sun, 21 Feb 2021 17:14:20 +0100
Subject: [Openswan Users] Dynamically attached interfaces
In-Reply-To: <61a8382d-a50a-110a-634f-660481a75d5f@vodata.de>
References: <61a8382d-a50a-110a-634f-660481a75d5f@vodata.de>
Message-ID: <3d016f78-ee04-118c-ab7c-017910dccff4@vodata.de>

Hello,

sorry for the noise. I answer myself.

"ipsec auto --ready" was the answer. I missed it in my source.

Siegfried

On 2/21/21 12:48 PM, Siegfried Vogl wrote:
> Hello,
>
>
> Linux Openswan U2.6.52.1/K4.14.214 on an embedded system.
>
> I'm a bit confused because I always thought that openswan
> automatically recognizes interfaces that are added at runtime or whose
> ip address changes dynamically.
>
> Now I have the following issue:
> - pluto has started.
>
> - "networkd" from "systemd" (version 246) is used as the network
> daemon. I cannot use the NetworkManager.
>
> - An OTA connection is started via the command line interface of the
> ModemManager ("mmcli -m --simple-connect=..."), which creates
> the interface "wwan0".
>
>
> Openswan does not set up a listener on this interface. Only an "ipsec
> whack --listen" makes the interface known to Pluto. The disadvantage
> here is that tunnels that are active on other interfaces are then
> obviously terminated.
> Even if the wwan0 interface is already known to Pluto, but changes its
> IP due to a new connection, this is not recognized by Pluto. When
> starting a tunnel, this then leads to a routing problem in Pluto
> because it does not recognize the new network.
> I am now wondering whether this is due to the use of the "systemd
> networkd"?
>
> Workarounds:
> - Does anyone know of a command to specifically add or remove an
> interface for the listener? I don't know anyone.
> - Let Pluto listen on a bridge interface and add the wwan to the
> bridge during runtime, or delete it.
>
> By the way, the problem is not limited to OTA. I have the same problem
> on a LAN DHCP interface.
>
> I would be grateful for any advice.
>
> Siegfried
>
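
One way to automate the fix reported in the follow-up, as an added example that is not part of the thread: a POSIX shell watcher that reads `ip -o monitor address` events and runs `ipsec auto --ready` whenever a watched interface gains or loses an address. The interface list (`WATCH_IFACES`, with `eth0` standing in for the LAN DHCP interface), the function names, the syslog tag and the sample event lines are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: re-run "ipsec auto --ready" (the command
# the follow-up reports as the fix) when a watched interface gains or loses
# an address.
# Assumption: interfaces to watch. wwan0 is from the thread; eth0 stands in
# for the LAN DHCP interface.
WATCH_IFACES="${WATCH_IFACES:-wwan0 eth0}"

# Print the interface name from one line of "ip -o monitor address" output.
# Constructed sample lines:
#   3: wwan0    inet 10.64.12.7/30 scope global wwan0\   valid_lft forever
#   Deleted 3: wwan0    inet 10.64.12.7/30 scope global wwan0\   valid_lft forever
event_iface() {
    line=${1#"Deleted "}        # removal events carry a "Deleted " prefix
    set -f                      # no globbing while word-splitting the line
    set -- $line
    set +f
    case $1 in *:) ;; *) return 1 ;; esac            # "<ifindex>:" expected
    case $3 in inet|inet6) printf '%s\n' "$2" ;; *) return 1 ;; esac
}

# Succeed only for address events on an interface listed in WATCH_IFACES.
should_rescan() {
    iface=$(event_iface "$1") || return 1
    for w in $WATCH_IFACES; do
        if [ "$iface" = "$w" ]; then return 0; fi
    done
    return 1
}

# Block on the kernel's address notifications and ask pluto to rescan.
watch_and_rescan() {
    ip -o monitor address | while IFS= read -r line; do
        if should_rescan "$line"; then
            logger -t ipsec-rescan "address event: $line"   # hypothetical tag
            ipsec auto --ready
        fi
    done
}

# Only start the loop when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "run" ]; then
    watch_and_rescan
fi
```

Started with the argument `run`, the script loops until `ip monitor` exits; without arguments it only defines the functions. A single DHCP renewal can emit several address events, and each one triggers a rescan.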