I have a VPN initiator which was unable to bring up a VPN to my responder host. The initiator-host is configured to start the VPN using a kernel trap. I have a vpn-keep-alive process which periodically pings an IP on remote_ts to bring up the VPN. The initiator public IP is a DHCP client connected to a cable modem with the curious behavior of assigning local IP 192.168.100.20 for 5 minutes after modem power up, then assigning a working public IP xx.xx.159.30.

Despite the periodic pinging, the VPN did not come up. Manual intervention bringing up the VPN with "swanctl --initiate" immediately brought the VPN up. However, I need the VPN to come up automatically.

The following log entries are quite interesting:

Oct 23 19:02:35 responder-hostname charon-systemd: unable to install source route for 10.16.0.1
...
Oct 23 19:03:50 responder-hostname charon-systemd: 192.168.100.20 disappeared from enp3s0
...
Oct 23 19:06:04 responder-hostname charon-systemd: xx.xx.159.30 appeared on enp3s0

My configuration:

public interface enp3s0, DHCP client
local_ts = 10.16.0.1
CentOS Linux
strongSwan rpm: strongswan-5.5.3-1.el7.x86_64

I have attached my initiator log file and swanctl.conf.

I am looking for guidance crafting an initiator swanctl.conf to automatically bring up the VPN for this situation.

thanks,
Jeff
