[Swan] How to configure LibreSwan to auto-restart IPSec-tunnel when it go down?

yuryb yuryb at ukr.net
Mon Mar 18 08:09:11 UTC 2019


On your advice, I set the "keyingtrays = 0" option on Friday and restarted LibreSwan. But this morning I discovered that L2TP-connection is disabled again. I executed the command "ipsec auto --up myvpn" and the connection was restored. That is, the problem remains. What else can be done to solve the problem?

Auto=omdemand or auto=start but leaves keyingtries to 0 (infinite)

Sent from mobile device

> On Mar 15, 2019, at 09:52, yuryb <yuryb at ukr.net> wrote:
> 
> Good for you!
> I configured L2TP/IPSec tunnel, which should work around the clock. But, when I come to work in the morning, I find that the tunnel is disconnected. At the same time, if I run the command "ipsec auto --up myvpn", the connection restores.
> How to automate reconnection using LibreSwan?
> 
> My configuration:
> config setup
>         virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
>         protostack=netkey
> conn myvpn
>         ikev2=never
>         type=transport
>         authby=secret
>         pfs=no
>         ike=aes128-sha1-modp1024
>         esp=aes128-sha1
>         left=%defaultroute
>         leftprotoport=17/1701
>         right=195.149.70.70
>         rightprotoport=17/1701
>         auto=ondemand
>         keyingtries=3
>         dpddelay=30
>         dpdtimeout=120
>         dpdaction=clear
>         rekey=yes
>         ikelifetime=8h
>         keylife=1h
> 
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20190318/e16eb2a8/attachment.html>


More information about the Swan mailing list