If your IP changes interface, call "ipsec whack --listen" to update it.

Sent using a virtual keyboard on a phone

> On Jul 11, 2024, at 14:06, Mamta Gambhir <[email protected]> wrote:
>
> Thank you, Paul. My problem statement is actually a bit different.
> So I am trying to see how I can trigger opportunistic connection let's say if
> ip address gets moved to a different interface (basically failover) and src ip
> A moves from int A to int B. I tried reducing shuntlifetime but didn't get
> success with that.
>
> From: Paul Wouters <[email protected]>
> Date: Wednesday, July 10, 2024 at 8:56 AM
> To: Mamta Gambhir <[email protected]>
> Cc: [email protected] <[email protected]>
> Subject: [External] : Re: [Swan] IPsec service start mode
>
> On Wed, 10 Jul 2024, Mamta Gambhir via Swan wrote:
>
> > I am currently using implicit connections private-or-clear in opportunistic
> > mode. auto=route is set in .conf files for the
> > connections.
> >
> > I am just exploring the best way if any other than start up scripts (NM
> > dispatcher or udev rules) to start the service on
> > boot up. Is there any option or possibility to add in config setup section
> > so ipsec service is started at boot as these
> > connections are done at IPsec startup only.
>
> auto=route is the same as auto=ondemand, so the tunnels will come up
> when packet flow triggers it. The ipsec service itself needs to
> be enabled for this to happen, eg systemctl enable ipsec.service
>
> Once the ipsec service is started, it will load the opportunistic
> connections to trigger on demand.
>
> Paul
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
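
The failover case discussed in this thread, as an added example that is not part of the original messages or of libreswan: a hook script that notices an IPv4 address moving to another interface and then runs "ipsec whack --listen". The state file path, the function names, the sample data and the choice to run it as a NetworkManager dispatcher script are assumptions.

```shell
#!/bin/sh
# Added example: re-run "ipsec whack --listen" after an address changes interface.
# Assumed install location: a NetworkManager dispatcher script, which is
# invoked with <interface> <action> as its two arguments.

STATE="${STATE:-/run/ipsec-addr-map}"   # assumed path for the previous snapshot

# Constructed sample `ip -o -4 addr show` output: 192.0.2.10 fails over eth0 -> eth1.
SAMPLE_BEFORE='2: eth0    inet 192.0.2.10/24 scope global eth0
3: eth1    inet 198.51.100.5/24 scope global eth1'
SAMPLE_AFTER='3: eth1    inet 198.51.100.5/24 scope global eth1
3: eth1    inet 192.0.2.10/24 scope global secondary eth1'

# Reduce `ip -o -4 addr show` output (stdin) to sorted "address interface" pairs.
addr_map() {
    awk '$3 == "inet" { sub(/\/.*/, "", $4); print $4, $2 }' | sort
}

# Print each address whose "address interface" pair appears in only one of the
# two maps ($1 = old, $2 = new), i.e. it moved, appeared or disappeared.
moved_addrs() {
    { printf '%s\n' "$1"; printf '%s\n' "$2"; } | sort | uniq -u |
        awk 'NF { print $1 }' | sort -u
}

# Compare the live address map with the saved one and relisten on any change.
# On the first run there is no saved map, so every address counts as changed.
relisten_if_moved() {
    old=$(cat "$STATE" 2>/dev/null)
    new=$(ip -o -4 addr show | addr_map)
    moved=$(moved_addrs "$old" "$new")
    printf '%s\n' "$new" > "$STATE"
    [ -n "$moved" ] || return 0
    logger -t ipsec-relisten "address/interface change: $moved"
    ipsec whack --listen
}

# Act only on dispatcher "up"/"down" events; with no arguments nothing runs.
case "${2:-}" in
    up|down) relisten_if_moved ;;
esac
```

Only IPv4 addresses are tracked here; the same comparison works for IPv6 with `ip -o -6 addr show` and a match on `inet6`.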
