Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
Re: [suse-security] ipsec traffic
  • From: Christoph Egger <egger@xxxxxxxxxxxxxx>
  • Date: Thu, 19 Sep 2002 09:36:05 +0200
  • Message-id: <20020919082822.D20BF147FE@xxxxxxxxxxxxxx>
On Friday, 13. September 2002 11:22, egger@xxxxxxxxxxxxxx wrote:

> > Sep 13 09:20:48 uhura Pluto[9867]: | *time to handle event
> > Sep 13 09:20:48 uhura Pluto[9867]: | event after this is EVENT_SA_REPLACE
> > in 2670 seconds
> > Sep 13 09:20:48 uhura Pluto[9867]: | inserting event EVENT_SHUNT_SCAN,
> > timeout in 120 seconds
> > Sep 13 09:20:48 uhura Pluto[9867]: | next event EVENT_SHUNT_SCAN in 120
> > seconds
>
> I should notice, that on <gateA> runs FreeSWAN 1.94 and on <gateB> FreeSWAN
> 1.98.
>
> On <gateB> I found this sentence in the documentation (file
> opportunism.howto):
>
> --------
> Pluto now looks every 2 minutes for any %holds that it missed.
> --------
>
> Further in the file CHANGES I found this:
>
> --------
> The last remnants of the "%hold" bug, which broke 1.93 and 1.94, have
> (we think) been dealt with.
> --------
>
> Does that explain the traffic? When I update FreeSWAN on <gateA>, does that
> prevent pluto doing the EVENT_SHUNT_SCAN's every 2 minutes?

Ok, I solved the traffic problem after updating <gateA> to FreeSWAN 1.98.

Does anyone know how to tell pluto to reconfigure the ipsec0 device, when the
ip address changes due to a dynamic ip adress (dial up connection) ?

Currently I do this by restarting freeswan in the /etc/ppp/ip-up script.
Somehow I can't believe that there's no more elegant way to go....


--
CU,
Christoph

< Previous Next >
References