Topic: IPSec Site to Site via Dynamic IP doesn't reconnect after IP change  (Read 9049 times)
« on: February 03, 2010, 02:35:10 »
knightmb ****
Posts: 341

I know I've seen this topic somewhere, but couldn't find it in a search to post a "yeah, confirmed it" answer. So forgive me if I just missed it somewhere obvious.

Basically, site to site IPSec.

Site 1 has a static IP, never changes.

Site 2 has a dynamic IP, using dyndns.org to update its DNS when it does change.

The two sites connect to each other using the Static IP, Dynamic IP just fine (using DNS name instead of IP at site 1 basically).

When Site 2 has an IP change, dyndns.org is updated properly, DNS name is updated for new IP, but Site 1 never seems to figure this out. The dead tunnel detection does show up in the logs, but when it tries to reconnect, it keeps trying to use the *old* IP instead of the one from the DNS entry. So it never connects.

But..... if I go to site 1 and just hit the save button again in the IPsec section, then it gets the correct IP, connects up the tunnel, everything is good. It's like having to restart the IPsec module fixes the issue, so I'm puzzled why since it already detects the tunnel is down, why does it try to reconnect with the old IP instead of pulling the new IP right from the DNS entry?

Both sites running m0n0wall 1.3 release generic-PC version.

Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
« Reply #1 on: June 29, 2010, 05:06:23 »
macafee *
Posts: 4

I have this problem, too.
« Reply #2 on: July 02, 2010, 20:47:38 »
knightmb ****
Posts: 341

This problem seems to have disappeared in the 1.32 release I've noticed. I don't remember reading it in the changelog, but the sites that were having this issue, after the upgrade to 1.32, the issue went away.

Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
« Reply #3 on: July 24, 2010, 12:50:51 »
macafee *
Posts: 4

I'm using 1.32 now. But the problem still exists.
« Reply #4 on: July 28, 2010, 13:20:02 »
michaesc *
Posts: 5

In system_advanced.php you can configure a value for 'IPsec DNS check interval' near the bottom of the page. Do you have a value there, of say 60 or 300?
« Reply #5 on: September 08, 2010, 13:18:45 »
hein *
Posts: 4

I do have the same problem on 1.32. The DNS check interval is set to 120. But it looks like this is not working.

Regards
Hein
« Reply #6 on: October 20, 2010, 06:10:43 »
annah *
Posts: 1

I'm seeing the same problem in 1.32.  Is there a workaround for this?

Symatech
« Reply #7 on: October 20, 2010, 09:21:38 »
brushedmoss ****
Posts: 446

On each monowall, ping the ddns name of the opposite and check it resolves correctly to the new ip.  Then go to /status.php and look at racoon.conf and see if it still has the old ip addresses listed
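The check described in the reply above, as an added example that is not part of the original thread: it resolves each peer's DNS name and reports whether racoon.conf has a `remote` stanza for the current address. The function names, the sample config and the host name are constructed for illustration, and the script is meant to run on an admin workstation against racoon.conf text copied from /status.php.

```python
import re
import socket

# Start of a racoon.conf peer stanza: "remote <address> [[port]] {"
REMOTE_RE = re.compile(r'^\s*remote\s+(\S+?)(?:\s*\[\d+\])?\s*(?:\{|$)',
                       re.MULTILINE)

# Constructed sample, not taken from a real m0n0wall box.
SAMPLE_CONF = """\
# remote 203.0.113.5 {   (commented out, must be ignored)
remote 198.51.100.7 [500] {
    exchange_mode aggressive;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}
sainfo address 192.168.1.0/24 any address 192.168.2.0/24 any {
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
"""

def configured_remotes(conf_text):
    """Return the set of peer addresses that have a 'remote' stanza."""
    no_comments = re.sub(r'#.*', '', conf_text)
    found = {m.group(1) for m in REMOTE_RE.finditer(no_comments)}
    return found - {"anonymous"}  # 'remote anonymous' is not a fixed peer

def stale_peers(conf_text, peer_names, resolve=socket.gethostbyname):
    """Map each peer DNS name to (current_ip, 'ok' | 'stale' | 'unresolvable')."""
    remotes = configured_remotes(conf_text)
    report = {}
    for name in peer_names:
        try:
            ip = resolve(name)
        except OSError:  # socket.gaierror is a subclass of OSError
            report[name] = (None, "unresolvable")
            continue
        # 'stale' means DNS has moved on but racoon still holds another address
        report[name] = (ip, "ok" if ip in remotes else "stale")
    return report

if __name__ == "__main__":
    # Constructed resolver standing in for a dyndns name that has changed IP.
    print(stale_peers(SAMPLE_CONF, ["site2.example.net"],
                      resolve=lambda name: "198.51.100.99"))
```

A `stale` result matches the symptom reported in this thread: the name resolves to the new address while racoon.conf still lists the old one.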
« Reply #8 on: October 30, 2010, 12:29:27 »
kor *
Posts: 5

Hi there! I've got the same problem. Ping DDNS-Name correctly resolves the new IP but racoon.conf still shows the old one.

[edit]
btw: using 1.32
[/edit]
« Last Edit: October 30, 2010, 12:33:42 by kor »
« Reply #9 on: February 18, 2011, 01:00:22 »
brushedmoss ****
Posts: 446

Have you been able to test on 1.33b2? There is a 'fix' in that which hopefully fixes this.
 