 From:  JR <tiresias at gmail dot com>
 To:  "Markus Stiebeling" <M underscore Stiebeling at gmx dot de>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] 1.3b11 problem with ipsec tunnel between two m0n0wall on dynamic ip
 Date:  Wed, 18 Jun 2008 11:56:48 -0400
On Thu, May 22, 2008 at 4:50 AM, Markus Stiebeling <M underscore Stiebeling at gmx dot de> wrote:
> I try to run an ipsec tunnel between two hosts with dynamic ip. The first
> time it works but if I change the address of one of the monowalls the
> tunnel won't come up again.
> To me it seems like m0n0wall does not check every 60 seconds the hostnames
> of the vpn like I configured in the advanced system menu.
> In diagnostic/ipsec/spd the ip address of the other endpoint is still
> the old one.
> How can I solve this issue?

There is definitely a problem when using dynamic IPs with IPSEC VPN
tunnels on m0n0wall. I have witnessed it too. I have not yet found a
fix, but there is a workaround. If you reboot both m0n0walls, they
should then handle the IP address changes fine. If you cannot reboot,
you can also load the /exec.php script on the m0n0wall and execute
/etc/rc.newipsecdns which works just as well as rebooting.

The problem is actually triggered whenever you apply changes after
modifying anything in the IPSEC configuration, OR if you save any
changes on the Advanced settings page. After you do either of those
things, m0n0wall can no longer update racoon.conf with the new IP
address when a dynamic hostname is changed, unless you use the above