On Thu, May 22, 2008 at 4:50 AM, Markus Stiebeling <M underscore Stiebeling at gmx dot de> wrote:
> i try to run an ipsec tunnel between two host with dynamic ip. The first
> time it works but if i change the adress of one of the monowalls the
> tunnel won't come up again.
> To me it seems like m0n0wall does not check all 60 seconds the hostnames
> of the vpn like i configured in the advanced system menu.
> In diagnostic/ipsec/spd the ip address of the other endpoint ist still
> the old one.
> How can i solve this issue?
There is definitely a problem when using dynamic IP's with IPSEC VPN
tunnels on m0n0wall. I have witnessed it too. I have not yet found a
fix, but there is a workaround. If you reboot both m0n0walls, they
should then handle the IP address changes fine. If you cannot reboot,
you can also load the /exec.php script on the m0n0wall and execute
/etc/rc.newipsecdns which works just as well as rebooting.
The problem is actually triggered whenever you apply changes after
modifying anything in the IPSEC configuration, OR if you save any
changes on the Advanced settings page. After you do either of those
things, m0n0wall can no longer update racoon.conf with the new IP
address when a dynamic hostname is changed, unless you use the above