Hi,
I’ve found an issue: my tunnel is not up after I reboot my machine. If I
connect via ssh and restart ipsec, it connects, no errors.
What I notice is that this is because the network is not enabled yet, I mean,
no DNS to resolve the right address. From the logs I get:
[16:47:48][beelink][~]# systemctl status ipsec
● ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
Loaded: loaded (/lib/systemd/system/ipsec.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2021-09-08 16:46:24 CEST; 1min 25s ago
Docs: man:ipsec(8)
man:pluto(8)
man:ipsec.conf(5)
Main PID: 1224 (pluto)
Status: "Startup completed."
Tasks: 4 (limit: 4597)
Memory: 11.8M
CPU: 1.529s
CGroup: /system.slice/ipsec.service
└─1224 /usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork
Sep 08 16:46:24 beelink pluto[1224]: "tunnel1": we cannot identify ourselves with either end of this connection. 192.168.1.60 or <unset-address> are not usable
Sep 08 16:46:24 beelink pluto[1224]: "tunnel1": failed to initiate connection
Sep 08 16:46:26 beelink pluto[1224]: netlink_acquire got message with length 60 < 232 bytes; ignore message
Sep 08 16:46:26 beelink pluto[1224]: netlink_acquire got message with length 60 < 232 bytes; ignore message
Sep 08 16:46:26 beelink pluto[1224]: netlink_acquire got message with length 60 < 232 bytes; ignore message
Sep 08 16:46:26 beelink pluto[1224]: netlink_acquire got message with length 60 < 232 bytes; ignore message
Sep 08 16:46:39 beelink pluto[1224]: netlink_acquire got message with length 52 < 232 bytes; ignore message
Sep 08 16:46:39 beelink pluto[1224]: netlink_acquire got message with length 52 < 232 bytes; ignore message
Sep 08 16:46:39 beelink pluto[1224]: netlink_acquire got message with length 36 < 232 bytes; ignore message
Sep 08 16:47:24 beelink pluto[1224]: EXPECTATION FAILED: c->host_pair != ((void *)0) (connection_check_ddns1() +1141 programs/pluto/initiate.c)
To reproduce it, I’ve set up my machine to use a DHCP address; the DHCP server
is slow to reply with the address, so ipsec starts before I have a valid IP.
If I set a static IP everything works as expected.
Can we set the timeout to wait for a valid DNS/connection before it fails?
Using libreswan v4.5 on Debian buster.
Thanks.
--
Saludos / Regards / Cumprimentos
António Silva
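
The start-up failure reported above appears in the journal as pluto's "we cannot identify ourselves" line. As an added example (not part of the original post and not libreswan code), these shell functions list the connections hit by it in a boot log; the function names are made up for the example, and the sample lines are the post's own, unwrapped, plus one constructed line for a hypothetical "tunnel2".

```shell
#!/bin/sh
# Added example: find libreswan connections that pluto could not orient at
# start-up (no usable local address yet), using the log line from the post.

# Constructed sample: three pluto lines from the post, unwrapped, plus one
# constructed line for a hypothetical healthy connection "tunnel2".
sample_log() {
cat <<'EOF'
Sep 08 16:46:24 beelink pluto[1224]: "tunnel1": we cannot identify ourselves with either end of this connection. 192.168.1.60 or <unset-address> are not usable
Sep 08 16:46:24 beelink pluto[1224]: "tunnel1": failed to initiate connection
Sep 08 16:46:26 beelink pluto[1224]: netlink_acquire got message with length 60 < 232 bytes; ignore message
Sep 08 16:46:27 beelink pluto[1224]: "tunnel2": added IKEv2 connection
EOF
}

# Read pluto log lines on stdin; print each affected connection name once.
unoriented_conns() {
    awk '
        /pluto\[[0-9]+\]: "/ && /we cannot identify ourselves/ {
            # The connection name is the first double-quoted field.
            if (split($0, part, "\"") >= 3 && !(part[2] in seen)) {
                seen[part[2]] = 1
                print part[2]
            }
        }'
}

# Return 1 when at least one connection was left unoriented, so the result
# can gate a follow-up action (the post's workaround is restarting ipsec).
check_boot_log() {
    bad=$(unoriented_conns)
    if [ -n "$bad" ]; then
        # $bad is unquoted on purpose: one output line per connection name.
        printf 'not oriented at start-up: %s\n' $bad >&2
        return 1
    fi
    return 0
}

# Demonstration on the embedded sample.
# On a live host: journalctl -u ipsec -b --no-pager | check_boot_log
sample_log | unoriented_conns
```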