[strongSwan] dpdaction=restart doesn't always bring up link
Daniel Pocock
daniel at pocock.pro
Sun Apr 26 16:31:16 CEST 2015
I have StrongSWAN on an OpenWRT router
ipsec version reports:
Linux strongSwan U5.0.4/K3.3.8
Sometimes the DSL goes down and comes up again within a minute or so but
the VPN doesn't always re-establish itself.
I have the following in /etc/ipsec.conf:
config setup
# strictcrlpolicy=yes
# uniqueids = no
# Add connections here.
conn vpn
left=%defaultroute
leftid=@wrt1.example.org
leftcert=wrt1Cert.der
leftsubnet=192.168.1.0/24,2001:1234:5678:0::/64
leftfirewall=no
lefthostaccess=no
right=vpn.example.org
rightid=@vpn.example.org
rightsubnet=198.51.100.0/24,2001:abcd:1234:1000::/52
keyexchange=ikev2
auto=start
dpdaction=restart
Is there anything else I should do to ensure this VPN is always up?
The OpenWRT device almost always gets the same IP address from the ISP,
but it is not guaranteed to be static, so it can only be started from
OpenWRT and not from the other end of the link.
More information about the Users
mailing list