 From:  Dirk-Willem van Gulik <dirkx at webweaving dot org>
 To:  Manuel Kasper <mk at neon1 dot net>
 Cc:  "Suraj K. Rai" <surajrai at mac dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] IPSEC and DHCP WAN interface
 Date:  Mon, 9 Jun 2003 11:40:46 +0200 (CEST)
> to solve this would be to write some small program that gets called by
> dhclient or MPD when the IP address changes. It would have to flush the
> SPD and SAD, reinstall all entries with the new local IP address and
> possibly restart racoon. I'll consider this for a future version.

This is very easy to do by sitting on the routing socket. You then get
actively notified when routing changes. I am doing something similar for a
DDNS server (www.webweaving.org/DDNS/) - feel free to snarf the code.

As to a more general solution of the above; in my experience I've always
had to switch to isakmpd with full IKE support to really get those things
under control.
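
The flush-and-reinstall step from the quoted proposal, written as a dhclient exit hook. This is an added sketch, not m0n0wall code and not part of this message; a routing-socket listener could call the same function. The tunnel table, the function names and the `DRY_RUN` switch are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not m0n0wall code. The tunnel table is constructed and uses
# documentation addresses. Each line: local_net remote_net remote_gateway
TUNNELS="192.168.1.0/24 10.0.2.0/24 203.0.113.7
192.168.1.0/24 10.0.3.0/24 198.51.100.9"

# Print setkey(8) commands that flush the SAD and SPD and reinstall the
# tunnel policies with $1 as the local tunnel endpoint.
render_setkey_conf() {
    local_ip=$1
    # The address comes from the DHCP server and ends up in a config that
    # root feeds to setkey, so reject anything but digits and dots.
    case "$local_ip" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    echo "flush;"       # empty the SAD
    echo "spdflush;"    # empty the SPD
    echo "$TUNNELS" | while read -r lnet rnet rgw; do
        [ -n "$lnet" ] || continue
        echo "spdadd $lnet $rnet any -P out ipsec esp/tunnel/$local_ip-$rgw/require;"
        echo "spdadd $rnet $lnet any -P in ipsec esp/tunnel/$rgw-$local_ip/require;"
    done
}

# Act only on lease events that can carry a new address, and only when the
# address really changed. DRY_RUN (hypothetical) prints instead of applying.
on_dhcp_event() {
    reason=$1 old_ip=$2 new_ip=$3
    case "$reason" in
        BOUND|RENEW|REBIND|REBOOT) ;;
        *) return 0 ;;
    esac
    [ "$old_ip" = "$new_ip" ] && return 0
    conf=$(render_setkey_conf "$new_ip") || return 1
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$conf"
    else
        printf '%s\n' "$conf" | setkey -c
        # Restart racoon here if needed; how to do that is platform-specific.
    fi
}

# dhclient-script sets these variables before sourcing its exit hooks.
on_dhcp_event "${reason:-}" "${old_ip_address:-}" "${new_ip_address:-}"
```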