0 votes
731 views 1 comments

We have been experiencing anomalies where stations in the field will sit disconnected for hours on end until we send a reboot, even though the ping_reboot is set up.

I am testing in the lab here and have discovered an anomaly......

Strongswan (ipsec) was not running after a reboot.


Entering a /etc/init.d/ipsec restart gave me this:

root@CORS270:~# ipsec status

root@CORS270:~# /etc/init.d/ipsec restart

Stopping strongSwan IPsec failed: starter is not running

Starting weakSwan 5.6.2 IPsec [starter]...

!! Your strongswan.conf contains manual plugin load options for charon.

!! This is recommended for experts only, see

!! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad

How can the unit boot up and ipsec not start?

After restarting ipsec the tunnel came up fine.

And why doesn't the reboot restart the unit after the timeouts?

This does not happen ALL THE TIME but it does happen.

Can someone tell me what I should check to ensure that IPSec does in fact start?

Do I need to write a script to check?

This is my rc.local file:

root@CORS270:~# cat /etc/rc.local

# Put your custom commands here that should be executed once

# the system init finished. By default this file does nothing.

ip tuntap add name tap0 mode tap

ip addr add brd + dev tap0

ip tunnel add SOI mode gre remote local ttl 255

ip link set SOI mtu 1400

ip link set SOI up

ip addr add peer brd + dev SOI

sleep 5

/etc/init.d/ipsec restart

sleep 10

ip route del

sleep 2

ip route add dev SOI

exit 0

Note that we need to use the tap0 interface to make the unit a drop-in-replacement for the Digi WR21.



I have continued testing and after another 3 reboots.....same issue, ipsec did not start after the reboot.

This is a real problem.



2 Answers

0 votes

Hi, in the VPN IPSEC settings, what did you select in the "On startup" menu?

0 votes

Hi All:

This turned out to NOT BE strongswan not starting but no external interfaces up yet.

So, if you issue an "ipsec status" command it returns nothing because the WAN interface and the GPRS interface are both down. Once the GPRS interface comes up (or the WAN interface), strongswan initiates the connection.

All good.
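A check script of the kind the question asks about, written as an added example that is not part of the thread: it separates "no external interface up yet" (the cause found above, where an empty `ipsec status` is expected) from the charon daemon actually being down. The uplink device names `eth1` and `wwan0`, the `probe` argument and the sample data are assumptions, not values from the poster's unit.

```shell
#!/bin/sh
# Added example: explain an empty "ipsec status" after boot.
# Assumed names (not from the post): uplink devices eth1 (WAN) and wwan0 (GPRS).
UPLINKS="${UPLINKS:-eth1 wwan0}"

# has_ipv4 <output of `ip -o -4 addr show dev IFC`>: true if an address is assigned
has_ipv4() {
    printf '%s\n' "$1" | grep -q ' inet [0-9]'
}

# tunnel_established <output of `ipsec status`>: true if any IKE SA is ESTABLISHED
tunnel_established() {
    printf '%s\n' "$1" | grep -q 'ESTABLISHED'
}

# classify <uplink_up:0|1> <charon_running:0|1> <ipsec status text>
classify() {
    if [ "$1" -ne 1 ]; then
        echo "uplink-down"   # empty status is expected until WAN/GPRS comes up
    elif [ "$2" -ne 1 ]; then
        echo "daemon-down"   # uplink is up but charon is not running
    elif tunnel_established "$3"; then
        echo "tunnel-up"
    else
        echo "tunnel-down"   # daemon and uplink are fine, SA not negotiated
    fi
}

# Live probe: gathers the three inputs on the device and prints the verdict.
probe() {
    up=0
    for ifc in $UPLINKS; do
        if has_ipv4 "$(ip -o -4 addr show dev "$ifc" 2>/dev/null)"; then up=1; fi
    done
    run=0
    if pidof charon >/dev/null 2>&1; then run=1; fi
    classify "$up" "$run" "$(ipsec status 2>/dev/null)"
}

# Constructed sample inputs (not captured from the poster's unit).
SAMPLE_ADDR='3: wwan0    inet 10.64.0.2/30 brd 10.64.0.3 scope global wwan0'
SAMPLE_STATUS='Security Associations (1 up, 0 connecting):
      tunnel[1]: ESTABLISHED 2 minutes ago, 10.64.0.2[station]...192.0.2.1[hub]'

# Only touch the real system when asked to, e.g. "sh check.sh probe".
if [ "${1:-}" = "probe" ]; then probe; fi
```

Only the `daemon-down` verdict calls for `/etc/init.d/ipsec restart`; `uplink-down` means the tunnel cannot come up yet, whatever state strongSwan is in.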