[strongSwan] Scripting VPN up/down on Mac OS X?

Dan Diman dan.diman at certifi.net
Tue Nov 4 15:45:46 CET 2014


I’m using the Mac OS X widget to connect to a VPN, version 5.2.1 (1).

Sometimes, the VPN goes down.  The tail of the log from such an event is included at the bottom of this e-mail.  For the moment, I’m less worried about the specific reason for the loss of the connection; I will probably try to troubleshoot that further with a coworker, but for now I’m interested in detecting the fact that it’s down, and automatically trying to reestablish the connection.

Assuming that sometimes the VPN will go down for whatever reason, is there a way to get at the strongSwan components from bash?

I’m imagining writing a little script, whose pseudo-code would be:

If (vpn_is_down) {
    reconnect;
}


I can think of ways to answer the question “Is the VPN down?” (e.g. Pinging a host that is on the other network) but I don’t know if there is a way to bring the connection up from the command line?

Thanks in advance for any advice or suggestions.


-Dan

======log snippet=====
sending keep alive to x.x.x.x[4500]
sending DPD request
generating INFORMATIONAL request 449 [ N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 192.168.0.8[56570] to x.x.x.x[4500] (124 bytes)
received packet: from x.x.x.x[4500] to 192.168.0.8[56570] (124 bytes)
parsed INFORMATIONAL response 449 [ N(NATD_S_IP) N(NATD_D_IP) ]
sending keep alive to x.x.x.x[4500]
sending DPD request
generating INFORMATIONAL request 450 [ N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 192.168.0.8[56570] to x.x.x.x[4500] (124 bytes)
received packet: from x.x.x.x[4500] to 192.168.0.8[56570] (124 bytes)
parsed INFORMATIONAL response 450 [ N(NATD_S_IP) N(NATD_D_IP) ]
initiating IKE_SA Certifi VPC[21] to x.x.x.x
generating CREATE_CHILD_SA request 451 [ SA No KE ]
sending packet: from 192.168.0.8[56570] to x.x.x.x[4500] (1116 bytes)
retransmit 1 of request with message ID 451
sending packet: from 192.168.0.8[56570] to x.x.x.x[4500] (1116 bytes)
retransmit 2 of request with message ID 451
sending packet: from 192.168.0.8[56570] to x.x.x.x[4500] (1116 bytes)
retransmit 3 of request with message ID 451
sending packet: from 192.168.0.8[56570] to x.x.x.x[4500] (1116 bytes)
sending keep alive to x.x.x.x[4500]
retransmit 4 of request with message ID 451
sending packet: from 192.168.0.8[56570] to x.x.x.x[4500] (1116 bytes)
sending keep alive to x.x.x.x[4500]
sending keep alive to x.x.x.x[4500]
retransmit 5 of request with message ID 451
sending packet: from 192.168.0.8[56570] to x.x.x.x[4500] (1116 bytes)
sending keep alive to x.x.x.x[4500]
sending keep alive to x.x.x.x[4500]
sending keep alive to x.x.x.x[4500]
giving up after 5 retransmits
rekeying IKE_SA failed, peer not responding
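
One way to answer "is the VPN down?" from the log itself, using only the messages visible in the snippet above. This is an added example, not code from the original post or from the strongSwan project; the sample log is constructed from the snippet, and the log file path and the reconnect command passed to `reconnect_if_down` are placeholders, since the post does not name either.

```shell
#!/bin/sh
# Classify tunnel health from the log messages shown in the post.
# Prints one of: unknown, up, degraded, down. The last decisive event
# wins, so a later DPD response clears an earlier run of retransmits.
vpn_state_from_log() {
    awk '
        BEGIN { state = "unknown" }
        # Peer answered a DPD request: the IKE_SA is alive.
        /parsed INFORMATIONAL response/      { state = "up" }
        # A request is unanswered; stay "down" if we already gave up.
        /retransmit [0-9]+ of request/       { if (state != "down") state = "degraded" }
        # Retransmit budget exhausted or rekey abandoned.
        /giving up after [0-9]+ retransmits/ { state = "down" }
        /rekeying IKE_SA failed/             { state = "down" }
        END { print state }
    '
}

# Run a caller-supplied command only when the log tail says "down".
# Usage: reconnect_if_down LOGFILE COMMAND [ARGS...]
# COMMAND is a placeholder for whatever brings the connection up.
reconnect_if_down() {
    _log=$1
    shift
    _state=$(tail -n 200 "$_log" | vpn_state_from_log)
    if [ "$_state" = "down" ]; then
        "$@"
    fi
}

# Constructed sample, abridged from the log snippet in the post.
SAMPLE_LOG='sending DPD request
parsed INFORMATIONAL response 450 [ N(NATD_S_IP) N(NATD_D_IP) ]
generating CREATE_CHILD_SA request 451 [ SA No KE ]
retransmit 1 of request with message ID 451
retransmit 5 of request with message ID 451
giving up after 5 retransmits
rekeying IKE_SA failed, peer not responding'

printf '%s\n' "$SAMPLE_LOG" | vpn_state_from_log
```

The "degraded" state lets a monitor alert on the first unanswered retransmit without triggering a reconnect until the daemon has actually given up.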
