Hello:
We have been experiencing anomalies where stations in the field will sit disconnected for hours on end until we send a reboot, even though the ping_reboot is set up.
I am testing in the lab here and have discovered an anomaly...
Strongswan (ipsec) was not running after a reboot.
HOW IS THAT POSSIBLE?
Entering /etc/init.d/ipsec restart gave me this:
[email protected]:~# ipsec status
[email protected]:~# /etc/init.d/ipsec restart
Stopping strongSwan IPsec failed: starter is not running
Starting weakSwan 5.6.2 IPsec [starter]...
!! Your strongswan.conf contains manual plugin load options for charon.
!! This is recommended for experts only, see
!! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
How can the unit boot up and ipsec not start?
After restarting ipsec the tunnel came up fine.
And why doesn't the reboot restart the unit after the timeouts?
This does not happen ALL THE TIME but it does happen.
Can someone tell me what I should check to ensure that IPSec does in fact start?
Do I need to write a script to check?
This is my rc.local file:
[email protected]:~# cat /etc/rc.local
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
ip tuntap add name tap0 mode tap
ip addr add 2.2.3.14/32 brd + dev tap0
ip tunnel add SOI mode gre remote 1.1.1.10 local 2.2.3.14 ttl 255
ip link set SOI mtu 1400
ip link set SOI up
ip addr add 192.168.194.53/30 peer 192.168.194.54 brd + dev SOI
sleep 5
/etc/init.d/ipsec restart
sleep 10
ip route del 1.1.1.10
sleep 2
ip route add 192.168.0.0/16 dev SOI
exit 0
Note that we need to use the tap0 interface to make the unit a drop-in-replacement for the Digi WR21.
Cheers,
John
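
One way to do the check asked about above is to replace the single restart plus fixed sleep in rc.local with a retry loop that confirms the daemon is actually up. This is an added example, not part of the original post; the function names, the `ipsec-watch` log tag and the overridable `IPSEC_STATUS_CMD`, `IPSEC_START_CMD` and `POLL_INTERVAL` variables are hypothetical, and it assumes `ipsec status` exits 0 only while strongSwan is running.

```sh
#!/bin/sh
# Added example: make sure strongSwan is running, retrying the start
# instead of trusting one restart followed by a fixed sleep.
# Assumption: `ipsec status` exits 0 only while the daemon is running.
# It does not prove that the tunnel itself is established.
IPSEC_STATUS_CMD="${IPSEC_STATUS_CMD:-ipsec status}"
IPSEC_START_CMD="${IPSEC_START_CMD:-/etc/init.d/ipsec restart}"

# Log to syslog, or to stderr when logger is unavailable.
log_msg() {
    logger -t ipsec-watch "$1" 2>/dev/null || echo "ipsec-watch: $1" >&2
}

# True when the status command reports a running daemon.
ipsec_running() {
    $IPSEC_STATUS_CMD >/dev/null 2>&1
}

# wait_ipsec POLLS: poll until the daemon is running or POLLS are used up.
wait_ipsec() {
    remaining="$1"
    while [ "$remaining" -gt 0 ]; do
        ipsec_running && return 0
        sleep "${POLL_INTERVAL:-1}"
        remaining=$((remaining - 1))
    done
    ipsec_running
}

# ensure_ipsec ATTEMPTS POLLS: start strongSwan up to ATTEMPTS times,
# waiting up to POLLS polls after each start. Returns 1 if it never comes up.
ensure_ipsec() {
    attempts="$1"; polls="$2"; try=1
    while [ "$try" -le "$attempts" ]; do
        ipsec_running && return 0
        log_msg "strongSwan not running, start attempt $try/$attempts"
        $IPSEC_START_CMD >/dev/null 2>&1
        wait_ipsec "$polls" && return 0
        try=$((try + 1))
    done
    log_msg "strongSwan still not running after $attempts attempts"
    return 1
}
```

Sourced from rc.local, `ensure_ipsec 3 15` would take the place of the restart and the `sleep 10`; the same call from cron catches a daemon that dies later, and the logged attempts show how often the first start fails.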