 From:  Michael <monowall at encambio dot com>
 To:  M0n0wall list <m0n0wall at lists dot m0n0 dot ch>
 Subject:  IPSec and dynamic DNS
 Date:  Wed, 28 Jul 2010 12:34:53 +0200
Hello list,

My routers have a dynamic DNS - IPSec problem.

Premise 1:
My m0n0wall 1.32 embedded (on Alix 2) router called 'tokyo.mynet.com'
correctly forwards over an IPSec tunnel to 'madrid.mynet.com'.

Premise 2:
tokyo.mynet.com is correctly updating the master DNS server for
mynet.com with a dynamic IP address which changes every day.

Premise 3:
madrid.mynet.com has a static IP address.

After the IP address for tokyo.mynet.com changes, everything
continues to perform normally, however IPSec fails.

Looking at diag_ipsec_spd.php and diag_ipsec_spd.php on
tokyo.mynet.com, everything looks good. Entries in SAD are torn
down when unused, and entries in SPD always contain the current
(correct) IP address.

On the remote (static) router madrid.mynet.com, I see that the
SAD entries are never torn down and the SPD entries contain the
old IP address for tokyo.mynet.com.

I've already activated dead peer detection (DPD). What else do
I need to do to get this working?
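The symptom described above (the static side keeps SPD entries pointing at the dynamic peer's old address) can be checked from a script rather than by eyeballing the diag pages. The following is an added example, not code from the post, from m0n0wall or from ipsec-tools: it parses the text format of an ipsec-tools `setkey -DP` dump and flags every policy whose remote tunnel endpoint differs from the peer's currently resolved address. The sample dump is constructed and uses RFC 5737 documentation addresses in place of the poster's real ones; the `peer_ip_override` parameter is a hypothetical convenience so the example runs offline without a DNS lookup.

```python
#!/usr/bin/env python3
"""Flag IPsec SPD policies whose tunnel endpoint no longer matches a
dynamic-DNS peer's current address.

Added example for the m0n0wall list post; not part of m0n0wall or
ipsec-tools. Assumes the text layout of `setkey -DP` from ipsec-tools.
"""
import re
import socket

# Constructed sample of `setkey -DP` on the static-side router after the
# dynamic peer moved away from 203.0.113.10. Addresses are RFC 5737
# documentation ranges, not real hosts.
SAMPLE_SPD = """\
10.20.0.0/24[any] 10.10.0.0/24[any] any
\tout ipsec
\tesp/tunnel/198.51.100.5-203.0.113.10/require
\tspid=9 seq=1 pid=501
\trefcnt=1
10.10.0.0/24[any] 10.20.0.0/24[any] any
\tin ipsec
\tesp/tunnel/203.0.113.10-198.51.100.5/require
\tspid=8 seq=0 pid=501
\trefcnt=1
"""

# "esp/tunnel/<src>-<dst>/require" style policy line.
TUNNEL_RE = re.compile(r"^\s*(esp|ah)/tunnel/(?P<src>[^-]+)-(?P<dst>[^/]+)/")
SPID_RE = re.compile(r"^\s*spid=(?P<spid>\d+)")
DIRECTIONS = {"in", "out", "fwd"}


def parse_spd(text):
    """Return one dict per tunnel-mode policy found in a `setkey -DP` dump."""
    entries = []
    current = None
    for line in text.splitlines():
        if line and not line[0].isspace():
            # An unindented line is the traffic selector that opens a policy.
            current = {"selector": line.strip(), "direction": None,
                       "src": None, "dst": None, "spid": None}
            entries.append(current)
            continue
        if current is None:
            continue
        words = line.split()
        if len(words) == 2 and words[0] in DIRECTIONS and words[1] == "ipsec":
            current["direction"] = words[0]
        m = TUNNEL_RE.match(line)
        if m:
            current["src"], current["dst"] = m.group("src"), m.group("dst")
        m = SPID_RE.match(line)
        if m:
            current["spid"] = int(m.group("spid"))
    # Transport-mode or discard policies carry no tunnel endpoints; skip them.
    return [e for e in entries if e["src"] and e["dst"]]


def resolve_peer(hostname, peer_ip_override=None):
    """Current address of the dynamic peer (override makes this run offline)."""
    if peer_ip_override is not None:
        return peer_ip_override
    return socket.gethostbyname(hostname)


def find_stale(spd_text, local_ip, peer_host, peer_ip_override=None):
    """Policies whose remote endpoint is not the peer's current address.

    The endpoint that equals our own static address is local; the other
    one is the peer and must match what DNS says right now.
    """
    peer_ip = resolve_peer(peer_host, peer_ip_override)
    stale = []
    for e in parse_spd(spd_text):
        remote = e["dst"] if e["src"] == local_ip else e["src"]
        if remote != peer_ip:
            stale.append(dict(e, remote=remote, expected=peer_ip))
    return stale


if __name__ == "__main__":
    for e in find_stale(SAMPLE_SPD, "198.51.100.5", "tokyo.mynet.com",
                        peer_ip_override="203.0.113.77"):
        print("stale spid=%d %s %s: endpoint %s, DNS says %s"
              % (e["spid"], e["direction"], e["selector"],
                 e["remote"], e["expected"]))
```

On a live router the script would read `setkey -DP` output instead of the constructed sample and call `resolve_peer` without the override; it only reports stale policies, so what to do about them (re-keying, flushing, or waiting for DPD) stays a separate decision.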