[strongSwan] Automatic Tunnel Opening and Routing
Miroslav Svoboda
goodmirek at goodmirek.cz
Wed Apr 29 07:29:39 CEST 2015
Hello,
In my understanding you are happy with the behavior as long as you keep
the network cable plugged in.
What happens that you have to restart strongSwan?
Blind shot - did you consider "dpdaction=restart"?
Miroslav
On Tuesday, April 28, 2015 at 11:19:48 AM UTC+2, Jacques Monin wrote:
>
> Hello,
>
> I'm trying to configure strongswan in order to have automatic tunnel
> opening and routing.
>
> The tunnel opens well on traffic detection, the routes are created and all
> works well. But if a network wire is unplugged, the routing is erased and I
> have to restart strongswan.
> Is there any way to avoid this ?
>
> Is it possible to have the routing and the virtual address adding done
> during the opening of the tunnel ?
> By using leftupdown="ipsec _updown"
>
> It seems that the only option to have automatic tunnel opening is to
> specify auto=route in ipsec.conf (I was hoping auto=add had the same
> behaviour).
> So is there any way to have automatic tunnel opening without initial
> routing ?
>
> Here is my configuration :
>
> config setup
>
> conn %default
>     dpddelay=30
>     keyingtries=5
>     rekeymargin=120
>     dpdtimeout=120
>     keyexchange=ikev1
>     keylife=1h
>     ikelifetime=6h
>     authby=rsasig
>
> conn Visio
>     right=A.A.A.A
>     rightsubnet=172.16.1.0/24
>     rightid=%any
>
>     left=%defaultroute
>     leftsubnet=172.16.0.3/32
>     leftsourceip=172.16.0.3
>     leftcert=cert.pem
>     leftca=cacert.pem
>     leftsendcert=always
>
>     auto=route
>     type=tunnel
>     ike=aes256-sha2_256-modp1536
>     esp=aes256-sha2_256-modp1024
>
> Thanks for your help
>