Topic: IPSEC Freeswan VPN over PPPOE Problems

[webster]

Hi,

I'm having some problems with pppoe and ipsec,

I have 2 version 6 servers on pppoe connections both with static ip addresses that will never change.

when I first install freeswan the vpn it all runs fine!
the 2 problems occur when
1) if the connection has to re-log in on pppoe the ipsec doesnot re-establish without restarting ipsec ... when restarting it comes up with

ipsec_setup: Stopping FreeS/WAN IPsec...
ipsec_setup: /usr/local/lib/ipsec/tncfg: Socket ioctl failed on detach -- No such device.  Is the virtual device valid
?  The ipsec module may not be linked into the kernel or loaded as a module.
ipsec_setup: Starting FreeS/WAN IPsec 1.99...
ipsec_setup: Using /lib/modules/2.4.20-18.7/kernel/net/ipsec/ipsec.o

[/quote]
2) if the machine happens to be rebooted... the pppoe connection doesn't seem to connect at all. with an ifconfig it only shows eth0 eth1 and lo, its missing ipsec0 and ppp0

anyone know how to fix these problems?
I've got other VPNs on static ips and they have been up for months and almost a year with no fault, so this is all new to me!

TIA!
T

[paulmancan2]

Yup I have had this problem (a) since day 1 (2 years) with 5.6.... but not (b)..

I am sure someone out there must have a way of dealing with this.... Hopefully we will get some responses... maybe something that watches the logs and if PPPOE goes down > up then restart ipsec...

[webster]

well I did find this but I dont know where to start and or if this will work http://lists.freeswan.org/pipermail/design/2002-July/003070.html

[ldkeen]

if the machine happens to be rebooted... the pppoe connection doesn't seem to connect at all

This seems to be a major factor in your problems. Unless you can sort this out it's pointless playing with the Ipsec side of things. How do you start the pppoe service if it doesn't come up a boot time? What versions of freeswan and e-smith-freeswan do you have?

[webster]

i'm using the contribs from
http://mirror.contribs.org/smeserver/contribs/saco/smeserver/beta/freeswan/
I've been using them on another machine for about 7 about 5 months with no problems its just on pppoe that i am having the problem...

My many problem is I can't get easy access to these machine so i can't really risk rebooting them to test them. If i reboot it I wouldn't be able to get back on to them...

I think i will set up another  box and see if i have the same problem... the only think i can think of is.... that if the ipsec is starting before pppoe it would cause some problems but i don't think that is the case.

[webster]

Hmmmm seemed to work fine (haven't created a VPN but it booted up with it installed)

will do a little more investigation on that
but seems to be working til the pppoe re-establishes

[webster]

ok... well it all seems to be fine on reboot... so the only problem is if the pppop connection has to reconnect...

how to we get it to re establish the ipsec connections once it has logged back in...set it up so it has to restart the ipsec service once pppoe is reconnected?

[webster]

almost ther found a solution but will post to the dev list and ask their opinion about it I think

[webster]

OK! fixed it, you need to re-establish the IP sec tunnel after the pppoe connection reconnects.

Catch ya later
T