[strongSwan] IPSec on mobile connection with dynamic ip.
Anton
warm at stack.ru
Wed Jul 21 16:22:59 CEST 2010
It should work but this is not a solution. How to do automatically update/restart of ipsec after adsl
reconnects ?
For example:
# ipsec status
Security Associations:
host-servernet[1]: ESTABLISHED 27 minutes ago, 95.191.X.Y[95.191.X.Y]...217.29.W.Z[217.29.W.Z]
host-servernet{1}: INSTALLED, TUNNEL, ESP in UDP SPIs: c7d9a694_i c8d94e01_o
host-servernet{1}: 192.168.34.3/32 === 192.168.2.0/27 192.168.7.1/32
After adsl reconnects 95.191.X.Y is changed to some other ip but IKE tries to send packets with source
95.191.X.Y (!). After adsl reconnect my PC does not have such ip-address (95.191.X.Y) but is has a new one.
On Wed, 21 Jul 2010 18:52:25 +0700
Andreas Steffen <andreas.steffen at strongswan.org> wrote:
> Try ipsec update
>
> Regards
>
> Andreas
>
> On 21.07.2010 12:13, Anton wrote:
> > Hi.
> >
> > I have a problem with reconnecting ipsec on my adsl and other
> > connections width dynamic ip. I use (and reconnect works with static
> > ips) this options:
> >
> > keyexchange=ikev2 dpdaction=clear dpddelay=30 dpdtimeout=15
> >
> > So when my adsl is reconnecting I get another ip from NAS but
> > strongswan keeps trying to use old (previous) ip-address when dpd
> > detects disconnect.
> >
> > How to make it to use new existing ip-address ?
> >
> > ipsec restart solves the problem but it is not good solution ...
> >
>
> ======================================================================
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
--
Anton [WARM-RIPE]
Stack ltd division head
tel. 8 (3822) 555-797
More information about the Users
mailing list