sunknudsen

Asked: 2020-05-03 04:39:59 +0800 CST2020-05-03 04:39:59 +0800 CST 2020-05-03 04:39:59 +0800 CST

strongSwan client does not retry connecting to VPN server after the server has rebooted

772

Here’s my current ipsec.conf.

What do I need to change to make sure the client retries connecting to server indefinitely.

$ cat /etc/ipsec.conf

conn %default
    ike=aes256gcm16-sha384-modp3072!
    esp=aes256gcm16-sha384-modp3072!

conn ikev2
    auto=start
    dpdaction=restart
    closeaction=restart
    keyingtries=%forever
    [email protected]
    leftsourceip=%config
    leftauth=eap-tls
    leftcert=vpn-client.crt
    right=159.203.26.109
    rightid=my-vpn.com
    rightsubnet=0.0.0.0/0
    rightauth=pubkey

1 Answers

Voted

Best Answer

sunknudsen

2020-05-25T03:06:12+08:002020-05-25T03:06:12+08:00

The following strategy makes sure the connection is always established.

$ vi /usr/local/sbin/monitor.sh
#!/bin/bash

if ipsec status | grep --quiet ESTABLISHED
then
  echo "strongSwan connection is established"
else
  echo "strongSwan connection is not established, restarting..."
  ipsec restart
fi

$ chmod +x /usr/local/sbin/monitor.sh

$ vi /etc/crontab
* * * * * root /usr/local/sbin/monitor.sh > /dev/null 2>&1 &

2

Web Analytics Made Easy - Statcounter