 From:  "Kevin Tollison" <ktollison at gmail dot com>
 To:  "Michael" <monowall at encambio dot com>, "m0n0wall" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] IPSec and dynamic DNS
 Date:  Wed, 28 Jul 2010 11:33:07 +0000
Have you tried setting up a scheduled ping to the other side? pfSense now has an option to do this. I have used this trick successfully from a workstation or server for a long time in similar situations.

------Original Message------
From: Michael
To: m0n0wall
Subject: [m0n0wall] IPSec and dynamic DNS
Sent: Jul 28, 2010 6:34 AM


Hello list,

My routers have a dynamic DNS - IPSec problem.

Premise 1:
My m0n0wall 1.32 embedded (on Alix 2) router called 'tokyo.mynet.com'
correctly forwards over an IPSec tunnel to 'madrid.mynet.com'.

Premise 2:
tokyo.mynet.com is correctly updating the master DNS server for
mynet.com with a dynamic IP address which changes every day.

Premise 3:
madrid.mynet.com has a static IP address.

Problem:
After the IP address for tokyo.mynet.com changes, everything
continues to perform normally, however IPSec fails.

Diagnosis:
Looking at diag_ipsec_spd.php and diag_ipsec_spd.php on
tokyo.mynet.com, everything looks good. Entries in SAD are torn
down when unused, and entries in SPD always contain the current
(correct) IP address.

On the remote (static) router madrid.mynet.com, I see that the
SAD entries are never torn down and the SPD entries contain the
old IP address for tokyo.mynet.com.

I've already activated dead peer detection (DPD). What else do
I need to do to get this working?

Thanks,
Michael


--
Kevin Tollison

Sent from my Blackberry
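The symptom Michael describes on the static side (SPD entries still carrying the peer's old address after its dynamic-DNS record has changed) can be caught by a scheduled check rather than by waiting for the tunnel to fail. The script below is an added example, not code from this thread or from m0n0wall: it parses an SPD dump in the `setkey -DP` style of the FreeBSD/KAME IPsec tools m0n0wall is built on (the layout of that output is an assumption here, and the embedded dump is a constructed sample using documentation address ranges), then reports any policy whose remote tunnel endpoint no longer matches the address the peer's name currently resolves to. The resolved address is passed in as a parameter so the check itself runs offline.

```python
"""Added example (not from the thread or m0n0wall): flag IPsec policies whose
tunnel endpoint no longer matches the peer's current dynamic-DNS address.

Assumes a `setkey -DP` style SPD dump: an unindented selector line per
policy, followed by indented lines such as "in ipsec" and
"esp/tunnel/<src>-<dst>/require". SAMPLE_SPD below is constructed, not
captured from a real router.
"""
import re
import socket
import sys
from dataclasses import dataclass

# Constructed sample: madrid (static 198.51.100.7) still holds policies for
# tokyo at 203.0.113.45, the address tokyo had before its daily change.
SAMPLE_SPD = """\
10.2.0.0/24[any] 10.1.0.0/24[any] any
	in ipsec
	esp/tunnel/203.0.113.45-198.51.100.7/require
	spid=2 seq=1 pid=512
	refcnt=1
10.1.0.0/24[any] 10.2.0.0/24[any] any
	out ipsec
	esp/tunnel/198.51.100.7-203.0.113.45/require
	spid=1 seq=0 pid=512
	refcnt=1
"""

DIR_RE = re.compile(r"^\s*(in|out|fwd)\s+ipsec")
TUNNEL_RE = re.compile(r"^\s*(?:esp|ah)/tunnel/([^-\s]+)-([^/\s]+)/\w+")


@dataclass
class Policy:
    src_net: str
    dst_net: str
    direction: str
    tunnel_src: str
    tunnel_dst: str


def parse_spd(dump: str) -> list:
    """Parse the dump into Policy records; policies without a tunnel spec are skipped."""
    policies = []
    cur = None
    for line in dump.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Selector line: "<src>[port] <dst>[port] <proto>"; drop the [port] parts.
            parts = line.split()
            cur = {
                "src_net": re.sub(r"\[.*?\]", "", parts[0]),
                "dst_net": re.sub(r"\[.*?\]", "", parts[1]),
                "direction": None,
                "tunnel_src": None,
                "tunnel_dst": None,
            }
            policies.append(cur)
            continue
        if cur is None:
            continue
        m = DIR_RE.match(line)
        if m:
            cur["direction"] = m.group(1)
            continue
        m = TUNNEL_RE.match(line)
        if m:
            cur["tunnel_src"], cur["tunnel_dst"] = m.group(1), m.group(2)
    return [Policy(**p) for p in policies if p["tunnel_src"]]


def peer_endpoint(policy: Policy, local_ip: str) -> str:
    """Return the tunnel endpoint that is not our own address."""
    return policy.tunnel_dst if policy.tunnel_src == local_ip else policy.tunnel_src


def stale_policies(dump: str, local_ip: str, peer_current_ip: str) -> list:
    """Policies whose remote endpoint differs from the peer's current address.

    peer_current_ip is whatever the peer's dynamic-DNS name resolves to now;
    it is passed in rather than resolved here so the check runs offline.
    """
    return [p for p in parse_spd(dump) if peer_endpoint(p, local_ip) != peer_current_ip]


if __name__ == "__main__":
    # Usage on the static router:  setkey -DP | python3 spd_check.py <local_ip> <peer_dns_name>
    # With no arguments the constructed sample is checked against a constructed "current" address.
    if len(sys.argv) == 3:
        dump, local, peer_ip = sys.stdin.read(), sys.argv[1], socket.gethostbyname(sys.argv[2])
    else:
        dump, local, peer_ip = SAMPLE_SPD, "198.51.100.7", "203.0.113.99"
    stale = stale_policies(dump, local, peer_ip)
    for p in stale:
        print(f"stale {p.direction} policy {p.src_net} -> {p.dst_net}: "
              f"endpoint {peer_endpoint(p, local)} but peer now resolves to {peer_ip}")
    sys.exit(1 if stale else 0)
```

Run from cron on the static side, a non-zero exit is the signal that the peer's address moved and the old policies were not refreshed, which is the point at which the SA should be flushed and renegotiated rather than left to fail silently.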