[strongSwan] ipsec routes removed when interface down and not reinstated
Alexander Hill
alex at hill.net.au
Mon Oct 31 17:11:19 CET 2016
Hi Tobias,
Sounds promising - would assigning the virtual IP to the loopback interface
"just work" with no extra configuration? Are there any downsides to doing
this?
Thanks,
Alex
On Mon., 31 Oct. 2016 at 9:56 pm, Tobias Brunner <tobias at strongswan.org>
wrote:
> Hi Alex,
>
> > But when there's no immediate path, e.g. if the only network adapter has
> > a cable unplugged or if switching WiFi networks takes too long, the
> > route is deleted and when an interface comes back up, it isn't re-added.
>
> The latter should be the case if an interface that was down is activated
> again (i.e. if you see "interface ... activated" in the log) or if an
> address (re-)appears on the interface (i.e. if you see "... appeared on
> ..."). However, what's not reinstalled are the virtual IPs. So perhaps
> the problem is that the VIP disappears in some cases but not others. To
> avoid that you could set charon.install_virtual_ip_on to e.g. lo.
>
> Regards,
> Tobias
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20161031/13ad7e4d/attachment.html>
More information about the Users
mailing list