Hi, I changed the ipsec.service and added to it:

# check internet connectivity
ExecStartPre=/bin/sh -c 'until ping -c1 1.1.1.1; do sleep 1; done;'

This solves it, ipsec waits to have external connection to start.

--
Saludos / Regards / Cumprimentos
António Silva

> On 8 Sep 2021, at 15:55, António Silva <[email protected]> wrote:
>
> Hi,
>
> I’ve found an issue that my tunnel is not up after I reboot my machine. If I
> connect via ssh and restart ipsec it connects, no errors.
>
> What I notice is that it is because the network is not enabled yet, I mean,
> no DNS to resolve the right address. From the logs I get:
>
> [16:47:48][beelink][~]# systemctl status ipsec
> ● ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
>      Loaded: loaded (/lib/systemd/system/ipsec.service; enabled; vendor preset: disabled)
>      Active: active (running) since Wed 2021-09-08 16:46:24 CEST; 1min 25s ago
>        Docs: man:ipsec(8)
>              man:pluto(8)
>              man:ipsec.conf(5)
>    Main PID: 1224 (pluto)
>      Status: "Startup completed."
>       Tasks: 4 (limit: 4597)
>      Memory: 11.8M
>         CPU: 1.529s
>      CGroup: /system.slice/ipsec.service
>              └─1224 /usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork
>
> Sep 08 16:46:24 beelink pluto[1224]: "tunnel1": we cannot identify ourselves with either end of this connection. 192.168.1.60 or <unset-address> are not usable
> Sep 08 16:46:24 beelink pluto[1224]: "tunnel1": failed to initiate connection
> Sep 08 16:46:26 beelink pluto[1224]: netlink_acquire got message with length 60 < 232 bytes; ignore message
> Sep 08 16:46:26 beelink pluto[1224]: netlink_acquire got message with length 60 < 232 bytes; ignore message
> Sep 08 16:46:26 beelink pluto[1224]: netlink_acquire got message with length 60 < 232 bytes; ignore message
> Sep 08 16:46:26 beelink pluto[1224]: netlink_acquire got message with length 60 < 232 bytes; ignore message
> Sep 08 16:46:39 beelink pluto[1224]: netlink_acquire got message with length 52 < 232 bytes; ignore message
> Sep 08 16:46:39 beelink pluto[1224]: netlink_acquire got message with length 52 < 232 bytes; ignore message
> Sep 08 16:46:39 beelink pluto[1224]: netlink_acquire got message with length 36 < 232 bytes; ignore message
> Sep 08 16:47:24 beelink pluto[1224]: EXPECTATION FAILED: c->host_pair != ((void *)0) (connection_check_ddns1() +1141 programs/pluto/initiate.c)
>
> To reproduce it, I’ve set up my machine to use a DHCP address; the DHCP server
> is slow to reply with the address, so ipsec starts before I have a valid IP.
> If I set a static IP everything works as expected.
>
> Can we set the timeout to wait for a valid DNS/connection before it fails?
>
> Using libreswan v4.5 in Debian buster.
>
>
> Thanks.
>
>
> --
> Saludos / Regards / Cumprimentos
> António Silva
>
> _______________________________________________
> Swan mailing list
> [email protected]
> https://lists.libreswan.org/mailman/listinfo/swan
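An added example, not part of the original message and not libreswan's own code: a bounded variant of the ExecStartPre wait above. It checks for an assigned IPv4 address and working DNS instead of ping replies, and fails with a message once a time limit passes. The script path, the drop-in shown in the comments and the peer name vpn.example.net are assumptions.

```shell
#!/bin/sh
# Added example. Assumed (hypothetical) install path:
#   /usr/local/sbin/ipsec-wait-net
# Assumed drop-in, created with `systemctl edit ipsec.service`:
#   [Service]
#   ExecStartPre=/usr/local/sbin/ipsec-wait-net --run vpn.example.net 60

# retry_until TIMEOUT INTERVAL CMD...
# Re-run CMD until it succeeds. Returns 0 on success, 1 once TIMEOUT
# seconds have been spent sleeping between attempts.
retry_until() {
    ru_timeout=$1; ru_interval=$2; shift 2
    ru_waited=0
    until "$@"; do
        [ "$ru_waited" -ge "$ru_timeout" ] && return 1
        sleep "$ru_interval"
        ru_waited=$((ru_waited + ru_interval))
    done
    return 0
}

# have_address: true once an interface holds a global-scope IPv4 address
# (in the thread, the address arrives late from a slow DHCP server).
have_address() {
    [ -n "$(ip -4 -o addr show scope global 2>/dev/null)" ]
}

# can_resolve HOST: true once the system resolver returns an address for HOST.
can_resolve() {
    getent hosts "$1" >/dev/null 2>&1
}

# net_ready HOST: both conditions reported missing at boot in the thread.
net_ready() {
    have_address && can_resolve "$1"
}

# Only act when called with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    peer=${2:?usage: ipsec-wait-net --run PEER_HOSTNAME [SECONDS]}
    limit=${3:-60}
    retry_until "$limit" 1 net_ready "$peer" || {
        echo "ipsec-wait-net: network not ready after ${limit}s" >&2
        exit 1
    }
fi
```

A drop-in keeps the change out of /lib/systemd/system/ipsec.service, the packaged unit file shown in the status output.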
