> Well, at that point I don't have VPN. The CSTP reconnection occurs when
> the TCP connection part of the VPN is closed. That can only occur if the
> server is down, thus the UDP part is also off. Are there servers which
> forcefully close the CSTP connection but expect the DTLS connection to
> remain active?

Well, I'm not sure about 'forcefully close' but it's certainly possible to lose the TCP connection for various reasons (packet loss, NAT brokenness, etc.) while DTLS is still running.

Either way, the point is that surely DNS is unlikely to work right. And even if it does you may need to run the vpnc-script to set up routes correctly for the new server.

I wonder if the better solution here is a wrapper which will restart the connection from scratch... it can keep the same cookie. Let the reconnect (to the old IP address) fail. Run vpnc-script to tear down the network config. Then where appropriate, do the DNS lookup again. If there's a new address, try to connect to that using the existing cookie. Can that work?

--
dwmw2