[strongSwan] Strongswan internal DNS-resolution
Dusan Ilic
dusan at comhem.se
Thu Jul 20 12:00:07 CEST 2017
Hi,

I have some issues with a site-to-site tunnel with two dynamic
endpoints. One side almost never changes IP address (it is DHCP, however);
the other side changes more frequently. Both endpoints' IP addresses are
using dynamic DNS and have a corresponding domain name associated at all
times.

Today one side changed IP, and the new IP has been updated in public
DNS. I understand DNS propagation and caching, but I seem not to
understand how strongSwan handles and acts upon it.

For example, I have set keyingtries to %forever on both sides, so that
they continuously try to reconnect when the connection is lost. I have
also changed the global initiation parameter from the default 0 to 60 s, so
that it retries unsuccessful connection attempts.

Now the other side is still trying to reconnect to the old IP; however,
if I ping the hostname from that endpoint it resolves to the new,
correct IP. It seems like strongSwan is caching the old DNS somehow?
At last I tried to restart strongSwan, and then it picked up the new IP.

I would like to have a system that solves this by itself, so I don't
need to manually intervene each and every time one of the
endpoints gets a new IP. How can this best be achieved?
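One self-healing approach to the situation described in the message above, as an added example that is not part of the original post: a small watchdog that polls the peer's dynamic-DNS name and tears the connection down and brings it up again when the resolved address changes, so that charon resolves the right= hostname afresh at the new initiation. The connection name "site-b" and the peer name "peer-b.example.org" are placeholders; the script assumes the classic "ipsec" command-line of strongSwan 5.x and a Linux host with getent and logger.

```shell
#!/bin/sh
# Added example, not from the strongSwan project: re-initiate a tunnel when the
# peer's dynamic-DNS name starts resolving to a different address.
CONN="${CONN:-site-b}"                  # placeholder: connection name in ipsec.conf
PEER="${PEER:-peer-b.example.org}"      # placeholder: dynamic-DNS name of the remote
INTERVAL="${INTERVAL:-60}"              # seconds between DNS checks

# Resolve a name to its first IPv4 address; prints nothing if resolution fails.
resolve_ipv4() {
    getent ahostsv4 "$1" 2>/dev/null | awk 'NR==1 {print $1}'
}

# Compare the address seen last time with the fresh answer.
# Prints "unresolved" (DNS failed, keep the old address), "noop" (unchanged)
# or "reinit" (address moved, tunnel must be re-initiated).
decide() {
    prev="$1"; cur="$2"
    if [ -z "$cur" ]; then echo unresolved; return 0; fi
    if [ "$prev" = "$cur" ]; then echo noop; return 0; fi
    echo reinit
}

# Tear the IKE_SA down and initiate again; the hostname is resolved on initiation.
reinitiate() {
    ipsec down "$CONN" >/dev/null 2>&1 || true
    ipsec up "$CONN"
}

watchdog() {
    last="$(resolve_ipv4 "$PEER")"
    while :; do
        sleep "$INTERVAL"
        now="$(resolve_ipv4 "$PEER")"
        case "$(decide "$last" "$now")" in
            reinit)
                logger -t ipsec-dns-watchdog "$PEER moved $last -> $now, re-initiating $CONN"
                reinitiate && last="$now" ;;
            unresolved)
                logger -t ipsec-dns-watchdog "cannot resolve $PEER, keeping $last" ;;
        esac
    done
}

# Start the loop only when explicitly asked, so the functions can also be sourced.
if [ "${WATCHDOG_RUN:-0}" = 1 ]; then watchdog; fi
```

Run it as a service with WATCHDOG_RUN=1 on the endpoint that initiates; the polling interval is a trade-off between how quickly a moved peer is picked up and how much DNS traffic you generate.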