FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
4,096 views 1 comments
by anonymous
Hello:

We have been experiencing anomalies where stations in the field will sit disconnected for hours on end until we send a reboot even though the ping_reboot is setup.

I am testing in the lab here and have discovered on anomaly......

Strongswan (ipsec) was no running after a reboot.

HOW IS THAT POSSIBLE?

entering in a /etc/init.d/ipsec restart gave me this:

root@CORS270:~# ipsec status

root@CORS270:~# /etc/init.d/ipsec restart

Stopping strongSwan IPsec failed: starter is not running

Starting weakSwan 5.6.2 IPsec [starter]...

!! Your strongswan.conf contains manual plugin load options for charon.

!! This is recommended for experts only, see

!! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad

How can the unit bootup and ipsec not start?

After restarting ipsec the tunnel came up fine.

And why doesn't the reboot restart the unit after the timeouts?

This does not happen ALL THE TIME but it does happen.

Can someone tell me what I should check to ensure that IPSec does in fact start?

Do I need to write a script to check?

This is my rc.local file:

root@CORS270:~# cat /etc/rc.local

# Put your custom commands here that should be executed once

# the system init finished. By default this file does nothing.

ip tuntap add name tap0 mode tap

ip addr add 2.2.3.14/32 brd + dev tap0

ip tunnel add SOI mode gre remote 1.1.1.10 local 2.2.3.14 ttl 255

ip link set SOI mtu 1400

ip link set SOI up

ip addr add 192.168.194.53/30 peer 192.168.194.54 brd + dev SOI

sleep 5

/etc/init.d/ipsec restart

sleep 10

ip route del 1.1.1.10

sleep 2

ip route add 192.168.0.0/16 dev SOI

exit 0

Note that we need to use the tap0 interface to make the unit a drop-in-replacement for the Digi WR21.

Cheers,

John
by anonymous
Hello:

I have continued testing and after another 3 reboots.....same issue, ipsec did not start after the reboot.

This is a real problem.

Cheers,

John

2 Answers

0 votes
by anonymous
Hi, in the VPN IPSEC settings, what did you select in the "On startup" menu?
0 votes
by anonymous
Hi All:

This turned out to NOT BE strongswan not starting but no external interfaces up yet.

So, if you issue an "ipsec status" command it returns nothing because the WAN interface and the GPRS interface are both down. Once the GPRS interface comes up (or the WAN interface), strongswan initiates the connection.

All good.

Cheers,

john