[strongSwan] not all subnets get a tunnel
Averlon GmbH (in Gründung)
info at averlon.net
Sat Sep 19 09:31:54 CEST 2015
Hi all,
I meanwhile changed to this configuration.
+++
config setup
	# strictcrlpolicy=yes
	# uniqueids = no
	charondebug="ike 1, knl 0, cfg 1"

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev1
	authby=secret

# Add connections here.

conn averlon_109
	left=%defaultroute
	#leftsubnet=192.168.114.0/24
	leftsourceip=192.168.114.150
	leftsubnet=192.168.114.0/24
	leftid=@f42252s2.av.loc
	right=aoffice.dyndns.biz
	rightsubnet=192.168.109.0/24
	rightid=@f42252r2.av.loc
	#rightallowany=yes
	dpdaction=restart
	auto=start

conn averlon_110
	left=%defaultroute
	#leftsubnet=192.168.114.0/24
	leftsourceip=192.168.114.150
	leftsubnet=192.168.114.0/24
	leftid=@f42252s2.av.loc
	right=aoffice.dyndns.biz
	rightsubnet=192.168.110.0/24
	rightid=@f42252r2.av.loc
	#rightallowany=yes
	dpdaction=restart
	auto=start

conn averlon_111
	left=%defaultroute
	#leftsubnet=192.168.114.0/24
	leftsourceip=192.168.114.150
	leftsubnet=192.168.114.0/24
	leftid=@f42252s2.av.loc
	right=aoffice.dyndns.biz
	rightsubnet=192.168.111.0/24
	rightid=@f42252r2.av.loc
	#rightallowany=yes
	dpdaction=restart
	auto=start
+++
All tunnels are created very quickly after ipsec start.
Subnet 109 stays stable at any time.
Subnet 111 is also stable in most cases, but not always.
Subnet 110 collapses after some short period of time.
As a workaround I had to install a cronjob to check the tunnel on 110 and
restart it with "ipsec up averlon_110", which immediately creates the tunnel.
If someone can give me some help with what I am doing wrong or where to look,
any hint is appreciated.
Kind Regards
Karl-Heinz Fischbach
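
The cron workaround described in this message, written out as a watchdog script (an added example, not part of the original post). It assumes `ipsec status` prints one `<conn>{n}:  INSTALLED, ...` line per CHILD_SA, as strongSwan 5.x does; the function names, the `--run` switch and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Watchdog for the three conns in the ipsec.conf above (added example).
CONNS="averlon_109 averlon_110 averlon_111"

# Reads `ipsec status` text on stdin; succeeds if conn $1 has at least one
# CHILD_SA line in state INSTALLED. The "[n]" IKE_SA line does not count.
child_sa_installed() {
    grep -Eq "^[[:space:]]*$1\{[0-9]+\}:[[:space:]]+INSTALLED"
}

# Reads status text on stdin; prints every conn without an installed CHILD_SA.
missing_conns() {
    status=$(cat)
    for c in $CONNS; do
        printf '%s\n' "$status" | child_sa_installed "$c" || printf '%s\n' "$c"
    done
}

# Constructed sample: one shared IKEv1 IKE_SA, tunnels for 109 and 111 only.
# Addresses are documentation ranges, SPIs are made up.
sample_status() {
cat <<'EOF'
Security Associations (1 up, 0 connecting):
 averlon_109[1]: ESTABLISHED 12 minutes ago, 198.51.100.7[f42252s2.av.loc]...203.0.113.9[f42252r2.av.loc]
 averlon_109{1}:  INSTALLED, TUNNEL, ESP SPIs: c0ffee01_i c0ffee02_o
 averlon_109{1}:   192.168.114.0/24 === 192.168.109.0/24
 averlon_111{3}:  INSTALLED, TUNNEL, ESP SPIs: c0ffee05_i c0ffee06_o
 averlon_111{3}:   192.168.114.0/24 === 192.168.111.0/24
EOF
}

# Bring up each missing tunnel and leave a syslog trace, so the timestamps
# can be compared with the charon log (rekeying, DPD) afterwards.
watchdog() {
    for c in $(ipsec status | missing_conns); do
        logger -t ipsec-watchdog "no CHILD_SA for $c, running: ipsec up $c"
        ipsec up "$c"
    done
}

# From cron (hypothetical path): */2 * * * * /usr/local/sbin/ipsec-watchdog --run
if [ "${1:-}" = "--run" ]; then
    watchdog
fi
```

The syslog entries record when each tunnel was found missing, which helps to line the drops up with the 20-minute keylife and 60-minute ikelifetime in the configuration.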