[strongSwan] dpdaction=restart doesn't always bring up link

Noel Kuntze noel at familie-kuntze.de
Sun Apr 26 19:49:44 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Daniel,

Try keyingtries=%forever

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 26.04.2015 um 16:31 schrieb Daniel Pocock:
>
>
> I have StrongSWAN on an OpenWRT router
>
> ipsec version reports:
> Linux strongSwan U5.0.4/K3.3.8
>
>
> Sometimes the DSL goes down and comes up again within a minute or so but
> the VPN doesn't always re-establish itself.
>
> I have the following in /etc/ipsec.conf:
>
> config setup
>     # strictcrlpolicy=yes
>     # uniqueids = no
>
> # Add connections here.
>
> conn vpn
>     left=%defaultroute
>     leftid=@wrt1.example.org
>     leftcert=wrt1Cert.der
>     leftsubnet=192.168.1.0/24,2001:1234:5678:0::/64
>     leftfirewall=no
>     lefthostaccess=no
>     right=vpn.example.org
>     rightid=@vpn.example.org
>     rightsubnet=198.51.100.0/24,2001:abcd:1234:1000::/52
>     keyexchange=ikev2
>     auto=start
>     dpdaction=restart
>
>
> Is there anything else I should do to ensure this VPN is always up?
>
> The OpenWRT device almost always gets the same IP address from the ISP,
> but it is not guaranteed to be static, so it can only be started from
> OpenWRT and not from the other end of the link.
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVPSU2AAoJEDg5KY9j7GZYlfIQAI9MbewhArRBxxLxNjNWDMDm
/ZLzlb5HAq+VhshcCK67SR5iBn6pin2tLyn7bX3fNoDpKX2idf6z+EuqMKbT3lq9
ReEjCfy596P8XUjEciJwCJovI6taN3fvpoOYyhYuu1iNjonqPcXaS/aTyhG4W4qG
NEj74WAIKbmd88Lg8/BHZF3iHujq3BQih0R0U3oXmvken7GUiu23IwG27dIbT2dQ
Atm8HV+kS6+X5qeGGGuWz0tsA5v17iUTOtPBkyJFJsWc0QMe8kSGE9Lt5tHWE8oA
9ya4ISywE1m0/2xX1WxzGJz2oL4cKpCR7//Nh+MGYy/Y9r/KKYfVRpp8ymxd/n31
0PChDl2oVao0Y7oDxQr1ySUDcW/XwqMTJfWw8pacoyvyxpJ2zG81V/RPXwyPokM3
JkimgZtrSUPOOy7tekH6/9Md/R4JIefKtVm7CblDshQSIzjfbWcFs6erRjZEpoj9
JxP5ttZHF2HkO6zQyvIpKwpOcmpZD7Oo7UgVMb/KfGJu9u4wWAG0MUOU/5xxyCvb
jKg1rf/9DleGwDmp25iEbVZJ2GCv7gx1ze8B+wk2141ABVEVs7hrwKhjzDOY7oY7
V1bYGSemEF05dOe8ZeJ+pQcnpVLgGweU+EYY96eWJvJGxervFym1ZP3FeHQqLzaL
6Mr+OHv+6j3GKc7K+F6E
=mltC
-----END PGP SIGNATURE-----



More information about the Users mailing list