[Swan] Libreswan as XAUTH client
Paul Wouters
paul at nohats.ca
Thu Jul 6 12:31:47 UTC 2017
On Thu, 6 Jul 2017, Qasim Bin Mehmood wrote:
> The third and fourth problems however are still there. ipsec whack --listen does not remove the VPN configured IP from the interface and it doesn’t try to reconnect. Also the connection I have found is very unreliable. It would break frequently and won’t reconnect. I have set nat-keepalive to true. I have also set dpdaction to restart. But none of these options work. Is there a way to specify a retry interval? Following is the client side configuration.
Hmm, I thought the --listen would trigger a --down, which would remove
the IP?
>> conn xauth-psk
>>     authby=secret
>>     left=%defaultroute
>>     leftxauthclient=yes
>>     leftmodecfgclient=yes
>>     leftxauthusername=username
>>     modecfgpull=yes
>>     right=example.com
>>     rightsubnet=172.31.30.0/20
>>     rightxauthserver=yes
>>     rightmodecfgserver=yes
>>     rekey=no
>>     dpdaction=restart
>>     dpdtimeout=120
>>     dpddelay=30
>>     auto=start
>>     ike_frag=yes
>>     nat-keepalive=yes
Can you try setting rekey=yes on the client side?
Paul