Topic: IPSEC no DNS Check
« on: September 08, 2010, 13:13:09 »
hein *
Posts: 4

Hi,

I do have the following configuration:

Two m0n0walls (version 1.32): one with a static IP (office), the other with a dynamic IP at home. A VPN via IPSEC is set up between the two, and it works correctly. But after the dynamic IP has changed during the day, the m0n0wall at the office is still using the old IP and the VPN is disconnected.

I have to restart the whole IPSEC on the office m0n0wall to get the VPN up again.

The 'IPsec DNS check interval' is set to 120 seconds. I have tried different values as well. It looks like this feature is not working.

I'm using dyndns.org which seems to work correctly as the new address is resolved by ping.

Any suggestions?

Thank you.

Hein
« Reply #1 on: September 09, 2010, 03:38:52 »
teichhei *
Posts: 3

Shocking, you have had this problem for half a year.
I tried Monowall (1.32) last week because my Billion router's firewall feature is sh**. Everything is good except VPN.
I connect to 2 AVM Fritz 3270 on dyndns. Every time T-Com severs the connection at night, the tunnel breaks down. Then the monowall tries to reestablish the tunnel to the IP address the Fritzbox had before, I guess the same problem as yours. Authentication then fails, of course.
It looks like racoon doesn't make a DNS lookup before reestablishing the tunnel, as you said. I set dead peer detection to 60 and IPSec DNS check interval to 30 seconds but nothing helped.
I'm only an enthusiastic user, not a software engineer. So I'll have to go back to my Billion, I'm afraid, if nobody here can help us.
The two AVM Fritzboxes between each other and with the Billion 7402NX (Australia) work perfectly, which proves the point that it is a pure monowall issue.
One option is to run Sysuptime in the office on a server and at least get an email when the tunnel is down.
Sorry that I can't help you any further, but at least you know that it is a generic Monowall/Dyndns problem and nothing you did wrong.
« Reply #2 on: September 21, 2010, 21:30:56 »
WRR *
Posts: 4

I can confirm this is also a problem. One of my VPNs is to a home DSL with a dynamic DNS service. Every week or two when the IP changes on the home DSL, the VPN connection is not reestablished even though I can confirm with an IP lookup site that the domain name is properly resolving to the new IP.

The solution is I have to log into the monowall static side and either stop and restart the IPSEC stuff, which closes all other VPN connections, or, as I found, if I change the IPSec DNS check value to a new value, just that one time after it is changed it will do a lookup and work right. But it only works that one time after you changed the value and obviously does not do a lookup like it should at the frequency you specify. No matter the actual value for the IPSEC DNS Check, no lookup is performed unless you change the value to something new; then, just that one time after you change the value, it does a lookup before the IPSEC connection.

I really hope this bug is fixed as my boss is converting to a dynamic connection at his home soon and this will be an ongoing problem for him.
 