[strongSwan] kernel trap does not bring up VPN

Tobias Brunner tobias at strongswan.org
Mon Nov 6 17:34:35 CET 2017

Hi Jeff,

> Despite the periodic pinging, the VPN did not come up.  Manually
> intervention bringing up the VPN with "swanctl --initiate" immediately
> brought the VPN up. However, I need the VPN to come up automatically.

Do you ping with `-I`?  If not, the route that the daemon is
attempting to install is required to force that IP as source address
when sending packets to an IP in, otherwise (i.e. if is used as source address) the packets won't match the
trap policy and the connection won't be initiated.

> The following log entries are quite interesting:
> Oct 23 19:02:35 responder-hostname charon-systemd: unable to install
> source route for

Yes, this fails because at that point there is apparently no default
route available yet:

> Oct 23 19:02:35 initiator-host charon-systemd: received netlink error: Network is unreachable (101)


More information about the Users mailing list