[strongSwan] kernel trap does not bring up VPN
Tobias Brunner
tobias at strongswan.org
Mon Nov 6 17:34:35 CET 2017
Hi Jeff,

> Despite the periodic pinging, the VPN did not come up. Manual
> intervention bringing up the VPN with "swanctl --initiate" immediately
> brought the VPN up. However, I need the VPN to come up automatically.

Do you ping with `-I 10.16.0.1`? If not, the route that the daemon is
attempting to install is required to force that IP as source address
when sending packets to an IP in 192.168.37.0/24, otherwise (i.e. if
192.168.100.20 is used as source address) the packets won't match the
trap policy and the connection won't be initiated.

> The following log entries are quite interesting:
> Oct 23 19:02:35 responder-hostname charon-systemd: unable to install
> source route for 10.16.0.1

Yes, this fails because at that point there is apparently no default
route available yet:

> Oct 23 19:02:35 initiator-host charon-systemd: received netlink error: Network is unreachable (101)

Regards,
Tobias
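
The check described in the message above, as an added example that is not part of the original post or of strongSwan: a simplified model of the kernel's source-address choice, run over constructed `ip -4 route show` style output, that tells whether traffic to 192.168.37.0/24 would match the trap policy. The gateway 192.168.100.1, the interface name eth0 and the /32 local traffic selector are assumptions; only the addresses 10.16.0.1, 192.168.100.20 and 192.168.37.0/24 come from the thread.

```python
import ipaddress

# Constructed routing tables (assumed gateway 192.168.100.1 and device eth0).
NO_DEFAULT = "192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.20"
WITHOUT_SRC_ROUTE = "default via 192.168.100.1 dev eth0\n" + NO_DEFAULT
WITH_SRC_ROUTE = (WITHOUT_SRC_ROUTE +
                  "\n192.168.37.0/24 via 192.168.100.1 dev eth0 proto static src 10.16.0.1")

LOCAL_TS = "10.16.0.1/32"      # assumed local traffic selector of the trap policy
REMOTE_TS = "192.168.37.0/24"  # remote subnet named in the thread


def parse_routes(text):
    """Parse `ip -4 route show` style lines into dicts with net, dev and src."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        net = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        fields = {k: tok[i + 1] for i, k in enumerate(tok[:-1]) if k in ("dev", "src")}
        routes.append({"net": ipaddress.ip_network(net), **fields})
    return routes


def pick_source(routes, dst):
    """Simplified source selection: longest prefix match, then the src hint."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in routes if dst in r["net"]]
    if not hits:
        return None  # no route at all: the kernel reports "Network is unreachable"
    best = max(hits, key=lambda r: r["net"].prefixlen)
    if "src" in best:
        return ipaddress.ip_address(best["src"])
    # No src hint on the route: fall back to the egress interface's address.
    for r in routes:
        if r.get("dev") == best.get("dev") and "src" in r:
            return ipaddress.ip_address(r["src"])
    return None


def triggers_trap(routes, dst, local_ts=LOCAL_TS, remote_ts=REMOTE_TS):
    """True if a packet to dst would carry a source inside the local selector."""
    src = pick_source(routes, dst)
    return (src is not None
            and src in ipaddress.ip_network(local_ts)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(remote_ts))


if __name__ == "__main__":
    for name, table in [("no default route", NO_DEFAULT),
                        ("default route only", WITHOUT_SRC_ROUTE),
                        ("with source route", WITH_SRC_ROUTE)]:
        routes = parse_routes(table)
        print(name, pick_source(routes, "192.168.37.5"), triggers_trap(routes, "192.168.37.5"))
```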