 From:  macafee <macafee at aivian dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSec and dynamic DNS
 Date:  Wed, 28 Jul 2010 20:44:01 +0800
2010-7-28 18:34, Michael:
>
> Hello list,
>
> My routers have a dynamic DNS - IPSec problem.
>
> Premise 1:
> My m0n0wall 1.32 embedded (on Alix 2) router called 'tokyo.mynet.com'
> correctly forwards over an IPSec tunnel to 'madrid.mynet.com'.
>
> Premise 2:
> tokyo.mynet.com is correctly updating the master DNS server for
> mynet.com with a dynamic IP address which changes every day.
>
> Premise 3:
> madrid.mynet.com has a static IP address.
>
> Problem:
> After the IP address for tokyo.mynet.com changes, everything
> continues to perform normally, however IPSec fails.
>
> Diagnosis:
> Looking at diag_ipsec_spd.php and diag_ipsec_spd.php on
> tokyo.mynet.com, everything looks good. Entries in SAD are torn
> down when unused, and entries in SPD always contain the current
> (correct) IP address.
>
> On the remote (static) router madrid.mynet.com, I see that the
> SAD entries are never torn down and the SPD entries contain the
> old IP address for tokyo.mynet.com.
>
> I've already activated dead peer detection (DPD). What else do
> I need to do to get this working?
>
> Thanks,
> Michael
>

I use the genericpc-1.32 version. I ran into this problem too, but I use two
dynamic IP addresses on both sides. I found the system can't renew the IP
address when the IP address has changed.