0 votes
731 views 1 comments
by
Hello:

We have been experiencing anomalies where stations in the field will sit disconnected for hours on end until we send a reboot, even though the ping_reboot is set up.

I am testing in the lab here and have discovered an anomaly...

Strongswan (ipsec) was not running after a reboot.

HOW IS THAT POSSIBLE?

Entering /etc/init.d/ipsec restart gave me this:

root@CORS270:~# ipsec status
root@CORS270:~# /etc/init.d/ipsec restart
Stopping strongSwan IPsec failed: starter is not running
Starting weakSwan 5.6.2 IPsec [starter]...
!! Your strongswan.conf contains manual plugin load options for charon.
!! This is recommended for experts only, see
!! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad

How can the unit boot up and ipsec not start?

After restarting ipsec the tunnel came up fine.

And why doesn't the reboot restart the unit after the timeouts?

This does not happen ALL THE TIME but it does happen.

Can someone tell me what I should check to ensure that IPSec does in fact start?

Do I need to write a script to check?

This is my rc.local file:

root@CORS270:~# cat /etc/rc.local
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
ip tuntap add name tap0 mode tap
ip addr add 2.2.3.14/32 brd + dev tap0
ip tunnel add SOI mode gre remote 1.1.1.10 local 2.2.3.14 ttl 255
ip link set SOI mtu 1400
ip link set SOI up
ip addr add 192.168.194.53/30 peer 192.168.194.54 brd + dev SOI
sleep 5
/etc/init.d/ipsec restart
sleep 10
ip route del 1.1.1.10
sleep 2
ip route add 192.168.0.0/16 dev SOI
exit 0

Note that we need to use the tap0 interface to make the unit a drop-in-replacement for the Digi WR21.

Cheers,

John
by
Hello:

I have continued testing and after another 3 reboots... same issue, ipsec did not start after the reboot.

This is a real problem.

Cheers,

John

2 Answers

0 votes
by
Hi, in the VPN IPSEC settings, what did you select in the "On startup" menu?
0 votes
by
Hi All:

This turned out to NOT BE strongswan not starting but no external interfaces up yet.

So, if you issue an "ipsec status" command it returns nothing because the WAN interface and the GPRS interface are both down. Once the GPRS interface comes up (or the WAN interface), strongswan initiates the connection.

All good.

Cheers,

john
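
The question asked whether a script is needed to check that IPsec started, and the answer above separates two cases that both show an empty "ipsec status": no WAN/GPRS interface up yet, versus the daemon not running. The following is an added example, not code from the original posts, that tells those cases apart; the interface names in UPLINKS and all function names are assumptions, and the "uplink up" test assumes the uplink gets an IPv4 address.

```shell
#!/bin/sh
# Added example: classify why `ipsec status` is empty after boot.
# ASSUMPTION: UPLINKS lists the WAN/mobile interface names on your unit.
UPLINKS="${UPLINKS:-eth1 wwan0}"

# uplink_state <output of `ip -4 -o addr show`>
# Prints "up" if any interface in UPLINKS holds an IPv4 address, else "down".
uplink_state() {
    for ifc in $UPLINKS; do
        if printf '%s\n' "$1" | grep -q "^[0-9]*: $ifc "; then
            echo up
            return
        fi
    done
    echo down
}

# classify_state <uplink: up|down> <daemon: running|stopped> <ipsec status text>
# Prints one of: WAIT_UPLINK, DAEMON_DOWN, TUNNEL_UP, TUNNEL_DOWN
classify_state() {
    if [ "$1" != up ]; then
        echo WAIT_UPLINK   # no WAN/GPRS yet: an empty status is expected
    elif [ "$2" != running ]; then
        echo DAEMON_DOWN   # uplink is up but charon is not: a real fault
    elif printf '%s\n' "$3" | grep -q 'ESTABLISHED'; then
        echo TUNNEL_UP     # at least one IKE SA is established
    else
        echo TUNNEL_DOWN   # daemon and uplink are up, but no IKE SA
    fi
}

# daemon_state: "running" if the strongSwan IKE daemon (charon) has a PID.
daemon_state() {
    if pidof charon >/dev/null 2>&1; then echo running; else echo stopped; fi
}

# check_live: gather live inputs, log the verdict, and restart ipsec only
# when the uplink is up and the daemon is missing. Call it from cron.
check_live() {
    state=$(classify_state "$(uplink_state "$(ip -4 -o addr show)")" \
        "$(daemon_state)" "$(ipsec status 2>/dev/null)")
    logger -t ipsec-check "$state"
    if [ "$state" = DAEMON_DOWN ]; then /etc/init.d/ipsec restart; fi
    echo "$state"
}
```

Only DAEMON_DOWN triggers a restart; WAIT_UPLINK is logged and left alone, since restarting ipsec does nothing useful while no uplink has an address.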