Thank you, Paul . My problem statement is actually a bit different. So I am trying to see how I can trigger opportunistic connection lets say if ip address gets moved to a different interface(basically failover) and src ip A moves from int A to int B. I tried reducing shuntlifetime but didn’t get success with that.
From: Paul Wouters <[email protected]> Date: Wednesday, July 10, 2024 at 8:56 AM To: Mamta Gambhir <[email protected]> Cc: [email protected] <[email protected]> Subject: [External] : Re: [Swan] IPsec service start mode On Wed, 10 Jul 2024, Mamta Gambhir via Swan wrote: > I am currently using implicit connections private-or-clear in opportunistic > mode.auto=route is set in .conf files for the > connections. > > I am just exploring the best way if any other than start up scripts (NM > dispatcher or udev rules) to start the service on > boot up Is there any option or possibility to add in config setup section so > ipsec service is started at boot as these > connections are done at IPsec startup only. auto=route is the same as auto=ondemand, so the tunnels will come up when packet flow triggers it. The ipsec service itself needs to be enabled for this to happen, eg systemctl --enable ipsec.service Once the ipsec service is started, it will load the opportunistic connections to trigger on demand. Paul
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
