[strongSwan] fails to retry after DNS failure
Daniel Pocock
daniel at pocock.pro
Mon May 8 10:07:41 CEST 2017
Hi,
I've got some of the following in a branch-office configuration on OpenWRT:
StrongSWAN version 5.3.3
conn mainoffice
        left=%defaultroute
        leftsubnet=192.168.1.0/24,my-ipv6-prefix::/64
        leftcert=wrt1Cert.der
        leftid=@wrt1.example.org
        leftfirewall=yes
        right=vpn.example.org
        rightid=@vpn.example.org
        rightsubnet=my-class-C/24,another-ipv6-prefix::/52
        auto=start
        dpdaction=restart
        closeaction=restart
        keyingtries=%forever
With this configuration (dpdaction, closeaction, keyingtries) I would
expect the branch office to make every effort to reconnect and keep
trying forever.
I've observed that if the ISP link goes down (e.g. removing the fibre),
if the ISP link is not ready when StrongSWAN starts up (e.g. after a
router reboot) or if the VPN server is restarted, then the branch office
fails to reconnect.
Looking at the logs (logread on OpenWRT) I notice an error about DNS
failure for "vpn.example.org" and then it would give up.
I changed the line "right=vpn.example.org" to "right=A.B.C.D" and the
problem went away. Now it really keeps retrying.
I'd like to open a bug report for this but I couldn't log in to the bug
tracker.
Regards,
Daniel
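The following is an added example, not code from the post above or from the strongSwan project. It shows one defensive workaround for the behaviour Daniel describes: a small POSIX sh watchdog for the router that only re-initiates the tunnel once the peer's DNS name actually resolves, so a name-resolution failure at boot or after a link outage is retried rather than left at charon's own mercy. It assumes strongSwan's `ipsec` command and busybox `logger` are on PATH, and reuses the connection name `mainoffice` and the peer name `vpn.example.org` from the configuration in the post. The `ipsec status` output it parses is constructed sample text, included so the parser can be exercised offline.

```shell
#!/bin/sh
# Added watchdog example (not from the original post or from strongSwan).
# Re-issues "ipsec up" for a connection once its right= hostname resolves.
# Assumptions: strongSwan's `ipsec` CLI and `logger` are on PATH; the
# connection is "mainoffice" and the peer is "vpn.example.org" (from the post).

CONN="${CONN:-mainoffice}"
PEER="${PEER:-vpn.example.org}"

# Constructed sample `ipsec status` output (not real captures), used to
# exercise conn_established() without a running daemon.
SAMPLE_UP='Security Associations (1 up, 0 connecting):
  mainoffice[1]: ESTABLISHED 12 minutes ago, 203.0.113.10[wrt1.example.org]...198.51.100.5[vpn.example.org]
  mainoffice{1}:  INSTALLED, TUNNEL, reqid 1'
SAMPLE_DOWN='Security Associations (0 up, 1 connecting):
  mainoffice[2]: CONNECTING, 203.0.113.10[%any]...198.51.100.5[%any]'

# Return 0 when NAME resolves to at least one address.
# Prefers getent (glibc, musl); falls back to busybox nslookup on OpenWRT.
# Note: some older busybox nslookup builds exit 0 even on failure, which is
# why getent is tried first.
host_resolves() {
    name="$1"
    if command -v getent >/dev/null 2>&1; then
        getent hosts "$name" >/dev/null 2>&1 && return 0
        return 1
    fi
    if command -v nslookup >/dev/null 2>&1; then
        nslookup "$name" >/dev/null 2>&1 && return 0
    fi
    return 1
}

# Return 0 when STATUS (text from `ipsec status`) shows an ESTABLISHED
# IKE_SA for CONN. Taking the text as a parameter keeps this testable offline.
conn_established() {
    status="$1"
    conn="$2"
    printf '%s\n' "$status" | grep -q "^ *${conn}\[[0-9]*\]: ESTABLISHED"
}

# One watchdog pass. Exit codes: 0 = tunnel up or initiation requested,
# 2 = peer name does not resolve yet (try again on the next cron tick).
watchdog_pass() {
    if ! host_resolves "$PEER"; then
        logger -t ipsec-watchdog "DNS for $PEER not ready, will retry"
        return 2
    fi
    status="$(ipsec status 2>/dev/null)"
    if conn_established "$status" "$CONN"; then
        return 0
    fi
    logger -t ipsec-watchdog "$CONN not established, re-initiating"
    ipsec up "$CONN" >/dev/null 2>&1
}

# Run one pass only when invoked as `./ipsec-watchdog.sh run`, so the
# functions can also be sourced without side effects.
if [ "${1:-}" = "run" ]; then
    watchdog_pass
fi
```

Scheduled every minute from the OpenWRT crontab, this covers the three cases in the post (link down, link not ready at boot, server restarted) because each pass re-checks resolution before touching the daemon. If the installed release's strongswan.conf supports the `charon.retry_initiate_interval` option, that is the in-daemon equivalent for retrying a failed DNS lookup at initiation; verify against the documentation for the version in use rather than assuming it is present in 5.3.3.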