[Swan] Libreswan as XAUTH client

Qasim Bin Mehmood Qasim12 at outlook.com
Mon Jul 3 12:00:43 UTC 2017


Hello,

I am using libreswan as an XAUTH client to another libreswan server for remote access VPN, aka road warrior. A few things I’d like to point out:

1. Is there a way to reserve an IP address for a client based on username? Server or client side?

2. The client side doesn’t connect on machine startup and throws this error: "We cannot identify ourselves with either end of this connection." It connects fine once I restart the ipsec service. I have read it’s because the ipsec service tries to connect before the system has internet connectivity. Can we make the ipsec service retry the identification automatically?

3. On the client side, if the connection drops but the interface stays up, e.g. ISP link goes down, it won’t release the VPN IP from its interface. Any ideas?

4. The client side doesn’t try to automatically reconnect once internet connectivity is up. I have the auto=start flag in ipsec.conf but it appears to auto start only when ipsec service is being started and not when it is already running.

I want the client to be always connected to the VPN server as long as it has internet connectivity. Is there a proper way to do it?

Your response is as appreciated as your time and effort for this amazing project. I paste the configuration files for further analysis.

Regards,

Qasim Mehmood
