Koozali.org: home of the SME Server

pppoe/ipsec failure

Rod

pppoe/ipsec failure
« on: September 13, 2002, 10:47:45 AM »
I have two sites using SME5.5 with pppoe adsl connections. We have had an ipsec connection running between the two sites after some initial teething problems. What we have noticed is that after a period of time we lose connectivity to the internet. Investigations so far show that it occurs sometimes after the adsl link drops and reestablishes. Once that has occurred the ipsec connection won't reestablish, nor can we access the internet from the internal network.
Whilst we have fixed IPs the gateway address can change for the pppoe connection. I am speculating that it is something to do with the gateway IP change. The IPSEC connection is not picking up the change in gateway.
I know the 'standard configuration' for ipsec uses a fixed gateway IP but it is possible to configure it to use %defaultroute and it will then connect ok ( leave the remote gateway ip blank in the ipsec.conf ). I'm going to look at the ipsec docs to see if there is some event I should be firing off when the link is reestablished to get it to pick up the changes.
Has anyone else had a similar problem or can they shed any light on other possible causes?
tks
rod

Lloyd Keen

Re: pppoe/ipsec failure
« Reply #1 on: September 13, 2002, 01:10:54 PM »
Yes, I've had that problem occur before but maybe once in 6 months. I just figured maybe the provider had done something to their routers?? As for %defaultroute, IPsec uses this by default, have a look in /etc/ipsec.conf. Who is your provider? I'm no expert but if your gateway keeps changing maybe your subnet mask might be wrong. It probably should be 255.255.255.252 for a static connection. You'll have to check with your provider though.
Cheers Lloyd

Rod

Re: pppoe/ipsec failure
« Reply #2 on: September 13, 2002, 04:20:55 PM »
Hi Lloyd,
"As for %defaultroute IPsec uses this by default, have a look in /etc/ipsec.conf"
Not quite; if you look at the beginning of the ipsec.conf it does. This is overridden ( I think ) by the leftnexthop ( or rightnexthop ) depending upon client/server config.

I modified the 'opposite nexthop' to nothing, i.e. empty, and the 'local nexthop' to %defaultroute before I could get the ipsec link up.
I have checked the subnet mask and it is set to 255.255.255.255
My ISP is iiNET ( in Perth Western Australia ) and I have a fixed IP account ( PPPoE ).
Rod