Thanks Paul. My tunnels are auto=start but the connection did not come back by itself. This is where my ipsec.log sat until I rebooted the host (didn't try just restarting ipsec).

2015-04-30T13:00:24.416058+00:00 vpnhost pluto[27203]: nss directory plutomain: /etc/ipsec.d
2015-04-30T13:00:24.465400+00:00 vpnhost pluto[27203]: NSS Initialized
2015-04-30T13:00:24.465843+00:00 vpnhost pluto[27203]: libcap-ng support [enabled]
2015-04-30T13:00:24.544242+00:00 vpnhost pluto[27203]: FIPS HMAC integrity verification test passed
2015-04-30T13:00:24.544672+00:00 vpnhost pluto[27203]: FIPS: pluto daemon NOT running in FIPS mode
2015-04-30T13:00:24.545061+00:00 vpnhost pluto[27203]: Linux audit support [enabled]
2015-04-30T13:00:24.545633+00:00 vpnhost pluto[27203]: Linux audit activated
2015-04-30T13:00:24.546025+00:00 vpnhost pluto[27203]: Starting Pluto (Libreswan Version 3.12 XFRM(netkey) KLIPS NSS DNSSEC FIPS_CHECK LABELED_IPSEC LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER KLIPS_MAST CURL(non-NSS) LDAP(non-NSS)) pid:27203
2015-04-30T13:00:24.546416+00:00 vpnhost pluto[27203]: core dump dir: /var/run/pluto
2015-04-30T13:00:24.546772+00:00 vpnhost pluto[27203]: secrets file: /etc/ipsec.secrets
2015-04-30T13:00:24.547144+00:00 vpnhost pluto[27203]: leak-detective disabled
2015-04-30T13:00:24.547532+00:00 vpnhost pluto[27203]: SAref support [disabled]: Protocol not available
2015-04-30T13:00:24.547898+00:00 vpnhost pluto[27203]: SAbind support [disabled]: Protocol not available
2015-04-30T13:00:24.548320+00:00 vpnhost pluto[27203]: NSS crypto [enabled]
2015-04-30T13:00:24.549756+00:00 vpnhost pluto[27203]: XAUTH PAM support [enabled]
2015-04-30T13:00:24.550121+00:00 vpnhost pluto[27203]: NAT-Traversal support [enabled]
2015-04-30T13:00:24.550513+00:00 vpnhost pluto[27203]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok
2015-04-30T13:00:24.550894+00:00 vpnhost pluto[27203]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok
2015-04-30T13:00:24.551292+00:00 vpnhost pluto[27203]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok
2015-04-30T13:00:24.551644+00:00 vpnhost pluto[27203]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok
2015-04-30T13:00:24.551992+00:00 vpnhost pluto[27203]: ike_alg_register_enc(): Activating OAKLEY_AES_CTR: Ok
2015-04-30T13:00:24.552392+00:00 vpnhost pluto[27203]: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_A: Ok
2015-04-30T13:00:24.552782+00:00 vpnhost pluto[27203]: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_B: Ok
2015-04-30T13:00:24.553153+00:00 vpnhost pluto[27203]: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_C: Ok
2015-04-30T13:00:24.553527+00:00 vpnhost pluto[27203]: ike_alg_register_hash(): Activating DISABLED-OAKLEY_AES_XCBC: Ok
2015-04-30T13:00:24.554358+00:00 vpnhost pluto[27203]: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CBC: Ok
2015-04-30T13:00:24.554755+00:00 vpnhost pluto[27203]: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CTR: Ok
2015-04-30T13:00:24.555121+00:00 vpnhost pluto[27203]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok
2015-04-30T13:00:24.555540+00:00 vpnhost pluto[27203]: ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok
2015-04-30T13:00:24.555925+00:00 vpnhost pluto[27203]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok
2015-04-30T13:00:24.556352+00:00 vpnhost pluto[27203]: starting up 1 crypto helpers
2015-04-30T13:00:24.556735+00:00 vpnhost pluto[27203]: started thread for crypto helper 0 (master fd 6)
2015-04-30T13:00:24.557117+00:00 vpnhost pluto[27203]: Using Linux XFRM/NETKEY IPsec interface code on 3.10.0-123.20.1.el7.x86_64
2015-04-30T13:00:24.557512+00:00 vpnhost pluto[27203]: ike_alg_register_enc(): Activating aes_ccm_8: Ok
2015-04-30T13:00:24.557904+00:00 vpnhost pluto[27203]: ike_alg_register_enc(): Activating aes_ccm_12: Ok
2015-04-30T13:00:24.558291+00:00 vpnhost pluto[27203]: ike_alg_register_enc(): Activating aes_ccm_16: Ok
2015-04-30T13:00:24.587885+00:00 vpnhost pluto[27203]: | selinux support is NOT enabled.
2015-04-30T13:00:25.093206+00:00 vpnhost pluto[1047]: ADNS process terminated by signal 15

On Thu, Apr 30, 2015 at 8:24 AM, Paul Wouters <[email protected]> wrote:

> On Thu, 30 Apr 2015, David M wrote:
>
>> I did a yum update on a CentOS 7 host running libreswan and my tunnel was
>> terminated at this part of the process:
>>
>> Cleanup : libreswan-3.8-6.el7_0.x86_64 247/453
>>
>> I accessed the remote console and rebooted to complete the process and my
>> tunnels are working again.
>>
>> I don't recall this happening with previous updates.
>>
>> Is this expected behavior?
>>
>
> Unfortunately, when we restart we cannot save & restore the current
> tunnels. So a daemon restart will lose all existing tunnel state. But if
> your tunnels are auto=start, those should come back up automatically.
>
> Road warriors will have to reconnect on their own.
>
> In the future, we would like to be able to save & restore the state,
> also so we can save and send over the state to a failover instance.
>
> Paul
>

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
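
A pre-update check for the behaviour Paul describes, added here as an example and not part of the thread or of libreswan: it reads an ipsec.conf and reports which conns pluto would bring back by itself after a daemon restart. The sample config and conn names are constructed, a missing auto= is assumed to mean auto=ignore, and also= and include lines are not followed.

```python
# Constructed sample ipsec.conf; conn names and addresses are made up.
SAMPLE_CONF = """\
conn %default
    auto=add

conn site-a
    right=198.51.100.1
    auto=start

conn site-b
    right=203.0.113.7

conn roadwarriors
    right=%any
    auto=add
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # section header at column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line: # indented key=value
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def restart_report(text):
    """Map each conn to what happens to it once pluto has restarted."""
    conns = parse_conns(text)
    # Assumption: with no auto= anywhere, the conn is treated as auto=ignore.
    default_auto = conns.pop("%default", {}).get("auto", "ignore")
    report = {}
    for name, opts in conns.items():
        auto = opts.get("auto", default_auto)
        if auto == "start":
            report[name] = "re-initiated by pluto"
        elif auto in ("ondemand", "route"):
            report[name] = "comes up on first matching traffic"
        elif "%any" in (opts.get("left"), opts.get("right")):
            report[name] = "remote peers must reconnect"
        else:
            report[name] = f"stays down until brought up manually (auto={auto})"
    return report
```

Running restart_report() on the real /etc/ipsec.conf before a package update shows which tunnels need manual attention if the update restarts pluto.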
