[strongSwan] kernel trap does not bring up VPN

Jeff jwamsc at gmail.com
Mon Nov 6 16:53:11 CET 2017


I have a VPN initiator which was unable to bring up a VPN to my
responder host. The initiator-host is configured to start the VPN
using a kernel trap. I have a vpn-keep-alive process which
periodically pings an IP on remote_ts to bring up VPN. The initiator
public IP is a DHCP client connected to a cable modem with the curious
behavior of assigning local IP 192.168.100.20 for 5 minutes after
modem power up, then assigns a working public IP xx.xx.159.30.

Despite the periodic pinging, the VPN did not come up. Manual
intervention bringing up the VPN with "swanctl --initiate" immediately
brought the VPN up. However, I need the VPN to come up automatically.

The following log entries are quite interesting:
Oct 23 19:02:35 responder-hostname charon-systemd: unable to install
source route for 10.16.0.1
...
Oct 23 19:03:50 responder-hostname charon-systemd: 192.168.100.20
disappeared from enp3s0
...
Oct 23 19:06:04 responder-hostname charon-systemd: xx.xx.159.30
appeared on enp3s0


my configuration:
public interface enp3s0, DHCP client
local_ts = 10.16.0.1
CentOS Linux strongSwan rpm: strongswan-5.5.3-1.el7.x86_64

I have attached my initiator log file and swanctl.conf.

I am looking for guidance crafting an initiator swanctl.conf to
automatically bring up the VPN for this situation.

thanks,
Jeff
-------------- next part --------------
A non-text attachment was scrubbed...
Name: syslog-strongswan
Type: application/octet-stream
Size: 35468 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171106/2d836a65/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: swanctl.conf
Type: application/octet-stream
Size: 683 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171106/2d836a65/attachment-0003.obj>