IPSEC reconnect problem

From: Stefan Drees (s_drees_at_t-online.de)
Date: 08/31/03

  • Next message: John Stevenson: "Re: Newbie Hardware/Partitioning" 
    To: <debian-user@lists.debian.org>
Date: Sun, 31 Aug 2003 16:33:47 +0200

    Hi,
    i try to setup an freeswan tunnel. Everything works fine, both freeswan
    server are connected
    via pppoe and i can successfully establish the tunnel. I configured freeswan
    with uniqueids=yes,
    so i thought, if i reboot one machine, it must be automatic reconnect
    (uniqueids) but it doesn't.
    One side is connected via static ip and one via dynamic ip. I Also have an
    entry in
    /etc/ppp/ip-up.d/ipsec to start and in /etc/ppp/ip-down.d/ipsec to stop
    ipsec.

    What made i wrong?

    Thanks in advance.

    Here are my config files:
    ipsec.conf

    Side A: Side B:
    config setup config setup
            interfaces=%defaultroute interfaces=%defaultroute
            klipsdebug=none klipsdebug=none
            plutodebug=none plutodebug=none
            plutoload=%search plutoload=%search
            plutostart=%search plutostart=%search
            uniqueids=yes uniqueids=yes

    conn %default conn %default
            keyingtries=0 keyingtries=0
            type=tunnel type=tunnel
            auth=esp auth=esp
            esp=3des-sha1-69 esp=3des-sha1-69
            authby=secret authby=secret
            ikelifetime=1h ikelifetime=1h
            keylife=1h keylife=1h
            keyexchange=ike keyexchange=ike
            pfs=no pfs=no
            left=%defaultroute left=%defaultroute
            leftsubnet=192.168.82.0/24 leftsubnet=192.168.81.0/24
            leftid=@intern.home.de leftid=@intern.work.de

    conn home2work
            right=xx.dyndns.org right=yy.yy.yy.yy
            rightsubnet=192.168.81.0/24 rightsubnet=192.168.82.0/24
            rightid=@intern.work.de rightid=@intern.home.de
            auto=start auto=start

    ipsec.secrets Side A:
    @intern.home.de @intern.work.de : PSK "secretkey"

    ipsec.secrets Side B:
    @intern.work.de @intern.home.de : PSK "secretkey" 

    -- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
  • Next message: John Stevenson: "Re: Newbie Hardware/Partitioning"