 From:  Mark Phillips <g7ltt at g7ltt dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  V1.32 Bug in IPSEC with domain name
 Date:  Mon, 19 Apr 2010 15:22:44 -0400
Hi all,

I think I've found a bug in the IPSEC stuff or at least a PITA normal 
operation.

I'm using a handful of IPSEC sessions whose endpoints are on dynamic 
IPs. In turn I have populated the remote end IP field with the dyndns 
domain name of each of my endpoints.

When mono is started (or restarted) these links come up, but if the 
endpoint ever changes its IP address the VPN never recovers.

The logs show my end trying to establish links with the previous remote 
IP address. It never goes back to refresh the domain name entry.

I can even use the PING tool in the GUI to ping the remote end by name. 
This results in a successful PING and a display of the new IP address. 
IPSEC doesn't pay attention to this.

Whilst changing of the remote address doesn't happen more than about 
once a month it is a serious PITA to have my end drop the links just 
because of a non DNS lookup.

Surely when the link drops IPSEC should do a DNS lookup BEFORE trying to 
raise the link again? It doesn't appear to be doing that.

Thanks

Mark
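
Added example, not part of the original message and not m0n0wall code: a Python check for the failure described above, comparing the address each tunnel was pinned to at start-up with what its dynamic-DNS name resolves to now. The tunnel names, hostnames and addresses are constructed, and obtaining the pinned address and reloading the tunnel are left to the operator.

```python
import socket
from dataclasses import dataclass

@dataclass
class Tunnel:
    name: str       # tunnel label (constructed)
    peer_host: str  # dynamic-DNS name entered as the remote endpoint
    pinned_ip: str  # address the IPsec daemon resolved when it started

def resolve_ipv4(host):
    """Return the set of IPv4 addresses the name resolves to right now."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_DGRAM)
    return {info[4][0] for info in infos}

def check_tunnels(tunnels, resolver=resolve_ipv4):
    """Map tunnel name -> (state, current_ip); state is ok/stale/unresolved."""
    report = {}
    for t in tunnels:
        try:
            current = resolver(t.peer_host)
        except OSError:  # socket.gaierror is a subclass of OSError
            current = set()
        if not current:
            # Lookup failed: report it, but do not treat it as an address change
            report[t.name] = ("unresolved", None)
        elif t.pinned_ip in current:
            report[t.name] = ("ok", t.pinned_ip)
        else:
            # The name moved; the daemon is still negotiating with the old address
            report[t.name] = ("stale", sorted(current)[0])
    return report

# Constructed sample data (documentation address ranges, hypothetical names)
SAMPLE_DNS = {"site-a.example.net": {"198.51.100.7"},
              "site-b.example.net": {"203.0.113.20"}}
SAMPLE_TUNNELS = [
    Tunnel("site-a", "site-a.example.net", "198.51.100.7"),   # unchanged
    Tunnel("site-b", "site-b.example.net", "203.0.113.11"),   # peer got a new IP
    Tunnel("site-c", "site-c.example.net", "192.0.2.44"),     # name not resolvable
]

def sample_resolver(host):
    """Offline stand-in for DNS so the example runs without a network."""
    if host not in SAMPLE_DNS:
        raise socket.gaierror("constructed lookup failure")
    return SAMPLE_DNS[host]

if __name__ == "__main__":
    for name, (state, ip) in check_tunnels(SAMPLE_TUNNELS, sample_resolver).items():
        print(f"{name}: {state}" + (f" -> reload with {ip}" if state == "stale" else ""))
```

A failed lookup is reported separately from a changed address, so a DNS outage alone does not trigger a tunnel reload.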