[Swan] Fail to connect on reboot
António Silva
asilva at wirelessmundi.com
Thu Sep 9 09:42:30 UTC 2021
Hi,
I change the ipsec.service and added to it:
# check internet connectivity
ExecStartPre=/bin/sh -c 'until ping -c1 1.1.1.1; do sleep 1; done;'
This solves it, ipsec waits to have external connection to start.
--
Saludos / Regards / Cumprimentos
António Silva
> On 8 Sep 2021, at 15:55, António Silva <asilva at wirelessmundi.com> wrote:
>
> Hi,
>
> I’ve found an issue that my tunnel is not up after I reboot my machine., if I connect via ssh restart ipsec it connects.. no errors.
>
> What I notice is that is because network is not enable yet, I mean, no dns to resolve the right address, form the logs I get:
>
> [16:47:48][beelink][~]# systemctl status ipsec
> ● ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
> Loaded: loaded (/lib/systemd/system/ipsec.service; enabled; vendor preset: disabled)
> Active: active (running) since Wed 2021-09-08 16:46:24 CEST; 1min 25s ago
> Docs: man:ipsec(8)
> man:pluto(8)
> man:ipsec.conf(5)
> Main PID: 1224 (pluto)
> Status: "Startup completed."
> Tasks: 4 (limit: 4597)
> Memory: 11.8M
> CPU: 1.529s
> CGroup: /system.slice/ipsec.service
> └─1224 /usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork
>
> Sep 08 16:46:24 beelink pluto[1224]: "tunnel1": we cannot identify ourselves with either end of this connection. 192.168.1.60 or <unset-address> are not usable
> Sep 08 16:46:24 beelink pluto[1224]: "tunnel1": failed to initiate connection
> Sep 08 16:46:26 beelink pluto[1224]: netlink_acquire got message with length 60 < 232 bytes; ignore message
> Sep 08 16:46:26 beelink pluto[1224]: netlink_acquire got message with length 60 < 232 bytes; ignore message
> Sep 08 16:46:26 beelink pluto[1224]: netlink_acquire got message with length 60 < 232 bytes; ignore message
> Sep 08 16:46:26 beelink pluto[1224]: netlink_acquire got message with length 60 < 232 bytes; ignore message
> Sep 08 16:46:39 beelink pluto[1224]: netlink_acquire got message with length 52 < 232 bytes; ignore message
> Sep 08 16:46:39 beelink pluto[1224]: netlink_acquire got message with length 52 < 232 bytes; ignore message
> Sep 08 16:46:39 beelink pluto[1224]: netlink_acquire got message with length 36 < 232 bytes; ignore message
> Sep 08 16:47:24 beelink pluto[1224]: EXPECTATION FAILED: c->host_pair != ((void *)0) (connection_check_ddns1() +1141 programs/pluto/initiate.c)
>
> To reproduce it, I’ve setup my machine to use DHCP address, the dhcp server is slow to reply the address, so ipsec start before I’ve a valid ip.
> If I set a static IP everything work as expected.
>
> Can we set the timeout to wait for a valid DNS/connection before it fails?
>
> Using libreswan v4.5 in debian buster.
>
>
> Thanks.
>
>
> --
> Saludos / Regards / Cumprimentos
> António Silva
>
>
>
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20210909/2ef0ecb1/attachment-0001.html>
More information about the Swan
mailing list