<div dir="ltr">Hello,<div><br></div><div>In my understanding you are happy with the behavior as long as you keep newtwork cable plugged.</div><div>What happens that you have to restart strongSwan?</div><div>Blind shot - did you consider "dpdaction=restart"?</div><div><br></div><div>Miroslav</div><div><br>On Tuesday, April 28, 2015 at 11:19:48 AM UTC+2, Jacques Monin wrote:<blockquote class="gmail_quote" style="margin: 0;margin-left: 0.8ex;border-left: 1px #ccc solid;padding-left: 1ex;"><div dir="ltr"><div><div><div><div><div>Hello,<br><br></div>I'm trying to configurate strongswan in order to have automatic tunnel opening and routing.<br><br></div></div>The tunnel opens well on traffic detection, the routes are created and all works well. But if a network wire is unpluged, the routing is erased and I have to restart strongswan.<br></div><div>Is there any way to avoid this ?<br><br><div>Is this possible to have the routing and the virtual addresse adding done while the opening of the tunnel ? <br>By using leftupdown="ipsec _updown"<br></div><br>It seems that the only option to have automatic
tunnel opening is to specify auto=route in ipsec.conf (I was hoping
auto=add had the same behaviour).<br>So is there any way to have automatic tunnel opening without initial routing ?<br><br></div>Here my configuration :<br><br>config setup<br><br>conn %default<br> dpddelay=30<br> keyingtries=5<br> rekeymargin=120<br> dpdtimeout=120<br> keyexchange=ikev1<br> keylife=1h<br> ikelifetime=6h<br> authby=rsasig<br><br>conn Visio<br> right=A.A.A.A<br> rightsubnet=<a href="http://172.16.1.0/24" target="_blank" rel="nofollow" onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.16.1.0%2F24\46sa\75D\46sntz\0751\46usg\75AFQjCNF-tRrAQEZoduG9p2h0JR2cXUTnQg';return true;" onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.16.1.0%2F24\46sa\75D\46sntz\0751\46usg\75AFQjCNF-tRrAQEZoduG9p2h0JR2cXUTnQg';return true;">172.16.1.0/24</a><br> rightid=%any<br><br> left=%defaultroute<br> leftsubnet=<a href="http://172.16.0.3/32" target="_blank" rel="nofollow" onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.16.0.3%2F32\46sa\75D\46sntz\0751\46usg\75AFQjCNGvncyOkXuG4bdVh33zKX1AF1Qv0A';return true;" onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.16.0.3%2F32\46sa\75D\46sntz\0751\46usg\75AFQjCNGvncyOkXuG4bdVh33zKX1AF1Qv0A';return true;">172.16.0.3/32</a><br> leftsourceip=172.16.0.3<br> leftcert=cert.pem<br> leftca=cacert.pem<br> leftsendcert=always<br><br> auto=route<br> type=tunnel<br> ike=aes256-sha2_256-modp1536<br> esp=aes256-sha2_256-modp1024<br><br></div>Thanks for you help<br></div>
</blockquote></div></div>