[strongSwan] ipsec routes removed when interface down and not reinstated
Alexander Hill
alex at hill.net.au
Mon Oct 31 11:05:58 CET 2016
Hi Tobias, thanks for taking the time.
I do see the relevant log messages in the case of switching interfaces, and
when there's another path for the tunnel to take, everything works
including MOBIKE.
But when there's no immediate path, e.g. if the only network adapter has a
cable unplugged or if switching WiFi networks takes too long, the route is
deleted and when an interface comes back up, it isn't re-added.
I've just come home from work so I'll have to wait until tomorrow to post
the logs.
Cheers,
Alex
On Mon., 31 Oct. 2016 at 5:24 pm, Tobias Brunner <tobias at strongswan.org>
wrote:
Hi Alex,
> All is working. I then unplug my network cable, wait a few seconds, and
> plug it back in. Now table 220 is empty. The tunnel still says it's
> connected, and I suppose it is - but because the route isn't there any
> more, I get no traffic over the VPN.
You should check the log with the log level for the knl subsystem
increased to 2 (see [1]). The route in table 220 should get readded
automatically if the network connectivity changes (if it's an IKEv2
connection MOBIKE might also be triggered).
Regards,
Tobias
[1] https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20161031/72e8156b/attachment-0001.html>
More information about the Users
mailing list