[strongSwan] kernel trap does not bring up VPN

Jeff jwamsc at gmail.com
Mon Nov 6 16:53:11 CET 2017

I have a VPN initiator which was unable to bring up a VPN to my
responder host. The initiator-host is configured to start the VPN
using a kernel trap. I have a vpn-keep-alive process which
periodically pings an IP on remote_ts to bring up the VPN. The initiator
public IP is a DHCP client connected to a cable modem with the curious
behavior of assigning local IP for 5 minutes after
modem power up, then assigns a working public IP xx.xx.159.30.

Despite the periodic pinging, the VPN did not come up. Manual
intervention bringing up the VPN with "swanctl --initiate" immediately
brought the VPN up. However, I need the VPN to come up automatically.

The following log entries are quite interesting:
Oct 23 19:02:35 responder-hostname charon-systemd: unable to install
source route for
Oct 23 19:03:50 responder-hostname charon-systemd:
disappeared from enp3s0
Oct 23 19:06:04 responder-hostname charon-systemd: xx.xx.159.30
appeared on enp3s0

my configuration:
public interface enp3s0, DHCP client
local_ts =
CentOS Linux strongSwan rpm: strongswan-5.5.3-1.el7.x86_64

I have attached my initiator log file and swanctl.conf.

I am looking for guidance crafting an initiator swanctl.conf to
automatically bring up the VPN for this situation.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: syslog-strongswan
Type: application/octet-stream
Size: 35468 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171106/2d836a65/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: swanctl.conf
Type: application/octet-stream
Size: 683 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171106/2d836a65/attachment-0003.obj>
