openswan sucks

4:33pm on Jan 09, 2014

Right, so in the previous article I set up an IPSec VPN between Openswan and OpenBSD's PF. The issue with it is that any time the OpenBSD end restarted, the Openswan end had no idea this had occurred and quit working without any notification of any sort. And just running "ipsec auto --down $conn; ipsec auto --up $conn" didn't work; it actually created an additional flow and SAD on the OpenBSD side, and the tunnel wouldn't become active.

So I'm going old-school. I'm going to write a stupid hacky script to ping the OpenBSD internal endpoint from the Openswan box, and when it goes unresponsive, run "ipsec auto --replace $conn && ipsec auto --up $conn" to bring the tunnel back up.
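Here is that watchdog written out, as an added example rather than the post's own script (the post doesn't show one). The connection name `obsd`, the peer's inner address `10.0.1.1`, the probe interval and the three-miss threshold are placeholders; `ping -W` is the iputils (Linux) per-probe timeout, which is what an Openswan box will have. The probe and `ipsec` commands are variables so the logic can be exercised without a real tunnel.

```sh
#!/bin/sh
# Openswan tunnel watchdog (added example, not the post's script).
# Pings the far side's internal address; after FAILS_NEEDED consecutive
# misses it runs "ipsec auto --replace CONN && ipsec auto --up CONN".

CONN="${CONN:-obsd}"                        # connection name (placeholder)
PEER_INTERNAL="${PEER_INTERNAL:-10.0.1.1}"  # inner address behind OpenBSD (placeholder)
INTERVAL="${INTERVAL:-30}"                  # seconds between probes
FAILS_NEEDED="${FAILS_NEEDED:-3}"           # misses before a rebuild
LOG_TAG="ipsec-watchdog"

# Commands as variables so tests (or another ping) can swap them out.
PING="${PING:-ping -c 1 -W 2}"   # -W: iputils per-probe timeout in seconds
IPSEC="${IPSEC:-ipsec}"

# Simple stderr logger; swap in logger(1) if you want syslog.
log() {
    echo "$LOG_TAG: $*" >&2
}

# Returns 0 if the peer answered one probe, non-zero otherwise.
probe_peer() {
    $PING "$PEER_INTERNAL" >/dev/null 2>&1
}

# --replace reloads the connection from ipsec.conf (throwing away the
# state a plain --down/--up leaves behind), then --up renegotiates it.
rebuild_tunnel() {
    log "peer $PEER_INTERNAL unresponsive, replacing $CONN"
    $IPSEC auto --replace "$CONN" && $IPSEC auto --up "$CONN"
}

# One watchdog step. $1 is the current consecutive-miss count.
# Prints the new count on stdout; a successful probe or a rebuild resets it.
watchdog_step() {
    fails="$1"
    if probe_peer; then
        echo 0
        return 0
    fi
    fails=$((fails + 1))
    log "probe of $PEER_INTERNAL failed ($fails/$FAILS_NEEDED)"
    if [ "$fails" -ge "$FAILS_NEEDED" ]; then
        rebuild_tunnel || log "rebuild of $CONN failed, will retry"
        echo 0
    else
        echo "$fails"
    fi
}

# Poll forever; run from an init script or a screen/tmux session.
main_loop() {
    fails=0
    while :; do
        fails=$(watchdog_step "$fails")
        sleep "$INTERVAL"
    done
}

# Only start polling when invoked as "ipsec-watchdog.sh run", so the
# functions can be sourced elsewhere without starting the loop.
if [ "$1" = "run" ]; then
    main_loop
fi
```

Start it with `sh ipsec-watchdog.sh run` (as root, since `ipsec auto` needs it). Requiring several consecutive misses avoids tearing the tunnel down on a single dropped ICMP packet, and since `watchdog_step` resets the count after a rebuild, a peer that stays dead just gets a fresh `--replace`/`--up` every FAILS_NEEDED probes instead of a rebuild on every tick.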

See? Openswan sucks.

Feel free, by the way, to prove otherwise.
