Yet again, the FortiGate router reconnected to strongSwan on its own
without manual intervention 12 minutes after the other side's public IP
changed... strongSwan won't connect even manually.
On 2017-06-19 at 08:47, Dusan Ilic wrote:
Okay, today it happened again, new IP on one end of tunnel and updated
in DNS. Pinging the new IP from both sides shows it resolves correctly,
restarting strongSwan on both sides and the same issue as before. (Last
time it started to work in the evening of the same day.)
generating IKE_SA_INIT request
Hello Pete,
The rightsourceip value does not pertain to this problem and neither does the
MASQUERADE rule.
It is a coincidence that it didn't happen now. Anyway, just blindly SNATing all
the connections from your clients isn't a smart thing to do. You only have to
NAT traffic to the internet, not
Hi Peter
> So, am I correct to assume that you guys usually evaluate the output
> of `ipsec statusall`
Preferably I'd do that over vici [1], as it provides a much better
interface for various languages to query tunnel status or re-initiate
tunnels.
> Do you simply send pings to remote systems "b
Hi Noel,
Thanks for taking the time to read my message and send a reply. The
output of `iptables-save` included this line:
-A POSTROUTING -s 10.11.0.0/16 -o eth0 -j MASQUERADE
Replacing it with the line below, to match the netblock of the
rightsourceip value, seems to have fixed the issue: