[strongSwan] dpdaction=restart doesn't always bring up link

Miroslav Svoboda goodmirek at goodmirek.cz
Sun Apr 26 23:06:56 CEST 2015


What about "closeaction=restart", may it help?

On Sunday, April 26, 2015 at 7:49:55 PM UTC+2, Noel Kuntze wrote:
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hello Daniel,
>
> Try keyingtries=%forever
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> Am 26.04.2015 um 16:31 schrieb Daniel Pocock:
> >
> >
> > I have StrongSWAN on an OpenWRT router
> >
> > ipsec version reports:
> > Linux strongSwan U5.0.4/K3.3.8
> >
> >
> > Sometimes the DSL goes down and comes up again within a minute or so but
> > the VPN doesn't always re-establish itself.
> >
> > I have the following in /etc/ipsec.conf:
> >
> > config setup
> >     # strictcrlpolicy=yes
> >     # uniqueids = no
> >
> > # Add connections here.
> >
> > conn vpn
> >     left=%defaultroute
> >     leftid=@wrt1.example.org
> >     leftcert=wrt1Cert.der
> >     leftsubnet=192.168.1.0/24,2001:1234:5678:0::/64
> >     leftfirewall=no
> >     lefthostaccess=no
> >     right=vpn.example.org
> >     rightid=@vpn.example.org
> >     rightsubnet=198.51.100.0/24,2001:abcd:1234:1000::/52
> >     keyexchange=ikev2
> >     auto=start
> >     dpdaction=restart
> >
> >
> > Is there anything else I should do to ensure this VPN is always up?
> >
> > The OpenWRT device almost always gets the same IP address from the ISP,
> > but it is not guaranteed to be static, so it can only be started from
> > OpenWRT and not from the other end of the link.
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.strongswan.org
> > https://lists.strongswan.org/mailman/listinfo/users
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQIcBAEBCAAGBQJVPSU2AAoJEDg5KY9j7GZYlfIQAI9MbewhArRBxxLxNjNWDMDm
> /ZLzlb5HAq+VhshcCK67SR5iBn6pin2tLyn7bX3fNoDpKX2idf6z+EuqMKbT3lq9
> ReEjCfy596P8XUjEciJwCJovI6taN3fvpoOYyhYuu1iNjonqPcXaS/aTyhG4W4qG
> NEj74WAIKbmd88Lg8/BHZF3iHujq3BQih0R0U3oXmvken7GUiu23IwG27dIbT2dQ
> Atm8HV+kS6+X5qeGGGuWz0tsA5v17iUTOtPBkyJFJsWc0QMe8kSGE9Lt5tHWE8oA
> 9ya4ISywE1m0/2xX1WxzGJz2oL4cKpCR7//Nh+MGYy/Y9r/KKYfVRpp8ymxd/n31
> 0PChDl2oVao0Y7oDxQr1ySUDcW/XwqMTJfWw8pacoyvyxpJ2zG81V/RPXwyPokM3
> JkimgZtrSUPOOy7tekH6/9Md/R4JIefKtVm7CblDshQSIzjfbWcFs6erRjZEpoj9
> JxP5ttZHF2HkO6zQyvIpKwpOcmpZD7Oo7UgVMb/KfGJu9u4wWAG0MUOU/5xxyCvb
> jKg1rf/9DleGwDmp25iEbVZJ2GCv7gx1ze8B+wk2141ABVEVs7hrwKhjzDOY7oY7
> V1bYGSemEF05dOe8ZeJ+pQcnpVLgGweU+EYY96eWJvJGxervFym1ZP3FeHQqLzaL
> 6Mr+OHv+6j3GKc7K+F6E
> =mltC
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150426/b1405d5d/attachment-0001.html>


More information about the Users mailing list