IPsec (openswan) doesn't work if started before a default route is set
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
network-manager-openvpn (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
I'm using a VPN connection at home to connect to the office network. At home I'm connected to a WiFi network with WPA2 encryption and DHCP for getting the IP address.
The problem is that every time I restart the laptop, ubuntu (10.10) starts IPsec (openswan 1:2.6.26+dfsg-1) before the laptop is fully connected and authenticated with the access point and with a DHCP-given IP address, so there's still no default route. When later, I try to start the VPN connection (sudo ipsec auto --up OFFICE), it fails with "OFFICE": We cannot identify ourselves with either end of this connection."
I have to restart ipsec (sudo /etc/init.d/ipsec restart) and then I can start the VPN connection. The only difference in the log files between the first start of ipsec (when still not connected to the WiFi) and the second (already connected to the WiFi) is a line in the first start that says "ipsec_setup: no default routes detected" which makes me think that ipsec cannot be started when there's no default route.
Maybe the solution could be that avahi-daemon somehow notifies IPsec that a new default route exists. I don't know if IPsec can be notified about this, if not, IPsec could be restarted. Anway, without a default route no VPN connection can be already started, so restarting IPsec should be safe.
affects: | ubuntu → network-manager-openvpn (Ubuntu) |
Status changed to 'Confirmed' because the bug affects multiple users.