[Swan] Fail to connect on reboot
Nick Howitt
nick at howitts.co.uk
Thu Sep 9 11:07:00 UTC 2021
Can you check the unit file and see if it has a line:
After=network-online.target
If it does not, try adding it?
Nick
On 09/09/2021 10:42, António Silva wrote:
> Hi,
>
> I change the ipsec.service and added to it:
>
> # check internet connectivity
> ExecStartPre=/bin/sh -c 'until ping -c1 1.1.1.1; do sleep 1; done;'
>
> This solves it, ipsec waits to have external connection to start.
> --
> Saludos / Regards / Cumprimentos
> António Silva
>
>
>
>
>> On 8 Sep 2021, at 15:55, António Silva <asilva at wirelessmundi.com
>> <mailto:asilva at wirelessmundi.com>> wrote:
>>
>> Hi,
>>
>> I’ve found an issue that my tunnel is not up after I reboot my
>> machine., if I connect via ssh restart ipsec it connects.. no errors.
>>
>> What I notice is that is because network is not enable yet, I mean, no
>> dns to resolve the right address, form the logs I get:
>>
>> [16:47:48][beelink][~]# systemctl status ipsec
>> ●ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
>> Loaded: loaded (/lib/systemd/system/ipsec.service; enabled; vendor
>> preset: disabled)
>> Active: active (running)since Wed 2021-09-08 16:46:24 CEST; 1min
>> 25s ago
>> Docs: man:ipsec(8)
>> man:pluto(8)
>> man:ipsec.conf(5)
>> Main PID: 1224 (pluto)
>> Status: "Startup completed."
>> Tasks: 4 (limit: 4597)
>> Memory: 11.8M
>> CPU: 1.529s
>> CGroup: /system.slice/ipsec.service
>> └─1224 /usr/libexec/ipsec/pluto --leak-detective --config
>> /etc/ipsec.conf --nofork
>>
>> Sep 08 16:46:24 beelink pluto[1224]: "tunnel1": we cannot identify
>> ourselves with either end of this connection. 192.168.1.60 or
>> <unset-address> are not usable
>> Sep 08 16:46:24 beelink pluto[1224]: "tunnel1": failed to initiate
>> connection
>> Sep 08 16:46:26 beelink pluto[1224]: netlink_acquire got message with
>> length 60 < 232 bytes; ignore message
>> Sep 08 16:46:26 beelink pluto[1224]: netlink_acquire got message with
>> length 60 < 232 bytes; ignore message
>> Sep 08 16:46:26 beelink pluto[1224]: netlink_acquire got message with
>> length 60 < 232 bytes; ignore message
>> Sep 08 16:46:26 beelink pluto[1224]: netlink_acquire got message with
>> length 60 < 232 bytes; ignore message
>> Sep 08 16:46:39 beelink pluto[1224]: netlink_acquire got message with
>> length 52 < 232 bytes; ignore message
>> Sep 08 16:46:39 beelink pluto[1224]: netlink_acquire got message with
>> length 52 < 232 bytes; ignore message
>> Sep 08 16:46:39 beelink pluto[1224]: netlink_acquire got message with
>> length 36 < 232 bytes; ignore message
>> Sep 08 16:47:24 beelink pluto[1224]: EXPECTATION FAILED: c->host_pair
>> != ((void *)0) (connection_check_ddns1() +1141 programs/pluto/initiate.c)
>>
>> To reproduce it, I’ve setup my machine to use DHCP address, the dhcp
>> server is slow to reply the address, so ipsec start before I’ve a
>> valid ip.
>> If I set a static IP everything work as expected.
>>
>> Can we set the timeout to wait for a valid DNS/connection before it
>> fails?
>>
>> Using libreswan v4.5 in debian buster.
>>
>>
>> Thanks.
>>
>>
>> --
>> Saludos / Regards / Cumprimentos
>> António Silva
>>
>>
>>
>>
>> _______________________________________________
>> Swan mailing list
>> Swan at lists.libreswan.org <mailto:Swan at lists.libreswan.org>
>> https://lists.libreswan.org/mailman/listinfo/swan
>
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
>
More information about the Swan
mailing list