[strongSwan] ipsec routes removed when interface down and not reinstated

Alexander Hill alex at hill.net.au
Fri Oct 28 07:07:27 CEST 2016


Hi all,

Trying to get my IPsec tunnels to come back up as reliably as possible.

Say I'm connected to ipsec and my table 220 looks like this:

172.16.0.0/16 via 192.168.1.254 dev eth0  proto static  src 172.16.0.2

All is working. I then unplug my network cable, wait a few seconds, and
plug it back in. Now table 220 is empty. The tunnel still says it's
connected, and I suppose it is - but because the route isn't there any
more, I get no traffic over the VPN. The interruption was brief enough that
DPD didn't catch it.

Is there any solution to this? I guess I could brute force it and restart
ipsec on if-up and if-down, but I'd rather understand what's going on and
fix this in configuration if possible. What's the thing that removes the
route when the network cable is unplugged - and can that thing also re-add
the route when it's plugged back in?

Cheers,
Alex
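
The symptom described in the message above (tunnel still reported as connected while table 220 is empty) can be detected by comparing the remote traffic selectors of installed SAs with the routes in table 220. The script below is an added example, not part of the original post and not strongSwan code; the `ipsec status` line layout (`<local> === <remote>`), the sample status text and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: detect "tunnel reported up, but its route is gone from table 220".
# Assumption: traffic selectors appear in `ipsec status` as "<local> === <remote>".

# Constructed sample input (the route line is the one quoted in the post).
SAMPLE_STATUS='home[1]: ESTABLISHED 5 minutes ago, 192.168.1.10[alex]...203.0.113.1[gw]
home{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c0000001_i c0000002_o
home{1}:   172.16.0.2/32 === 172.16.0.0/16'
SAMPLE_ROUTES='172.16.0.0/16 via 192.168.1.254 dev eth0  proto static  src 172.16.0.2'

# Print each remote selector (everything right of "===") once, one per line.
remote_selectors() {
    awk '{
        for (i = 1; i < NF; i++) if ($i == "===") {
            # Drop an optional [proto/port] suffix from each selector.
            for (j = i + 1; j <= NF; j++) { sub(/\[.*/, "", $j); print $j }
            break
        }
    }' | sort -u
}

# missing_routes STATUS_TEXT ROUTES_TEXT
# Print every remote selector that has no route with that destination.
missing_routes() {
    printf '%s\n' "$1" | remote_selectors | while read -r prefix; do
        # `ip route` prints host routes without the /32 suffix.
        printf '%s\n' "$2" |
            awk -v p="$prefix" 'BEGIN { h = p; sub(/\/32$/, "", h) }
                $1 == p || $1 == h { found = 1 }
                END { exit !found }' || printf '%s\n' "$prefix"
    done
}

# Live check (needs root and a running strongSwan); not called automatically.
check_live() {
    missing_routes "$(ipsec status)" "$(ip route show table 220)"
}

# Demo on the constructed sample: healthy table, then the empty table after replug.
echo "healthy: [$(missing_routes "$SAMPLE_STATUS" "$SAMPLE_ROUTES")]"
echo "after replug: [$(missing_routes "$SAMPLE_STATUS" "")]"
```

Any output from `check_live` means an SA is installed whose traffic has no route in table 220, which is the state that DPD does not notice.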