[Openswan Users] Openswan not updating routing tables after connection restart
users-bounces at lists.openswan.org
Wed May 18 09:37:30 EDT 2016
Rescued from the spam bucket. Please remember to subscribe to the mailing list before posting to it.
From: aleksi kallio <almikale at gmail.com>
Subject: Openswan not updating routing tables after connection restart
Date: May 18, 2016 at 9:37:27 AM EDT
To: users at lists.openswan.org
Hi,
I’m having issues with openswan vpn-client. When vpn-tunnel is first established the connection works fine. If the vpn-server reboots, openswan seems to delete the connection from the client machine’s routing tables. After the vpn-server is rebooted, the tunnel is re-established correctly, but nothing goes through it, because openswan doesn’t update the routing table of the client machine. If I manually add the vpn-connection to the routing tables with ip route add, the connection works fine again.
I’ve tried different dpd-actions and timeouts, and I’ve removed all the rules from the firewall of the client machine, but nothing seems to work.
What causes openswan not to update routing tables after vpn-connection is re-established?
Here is the /etc/ipsec.conf of the client machine:
version 2.0

config setup
    plutodebug="none"
    nat_traversal=yes
    keep_alive=15
    force_keepalive=yes
    protostack=auto

conn home
    left=%defaultroute
    leftsubnet=...
    leftsourceip=...
    leftcert=client.crt
    right=...
    rightsubnet=...
    rightrsasigkey=%cert
    rightcert=server.crt
    rightid=%fromcert
    authby=rsasig
    #Phase 1
    keyexchange=ike
    ike=aes256-sha1
    #Phase 2
    phase2alg=aes256-sha1
    keylife=28800s
    rekeymargin=540s
    rekeyfuzz=100%
    dpddelay=5
    dpdtimeout=10
    dpdaction=restart
    forceencaps=yes
    auto=start