Hi Dan,

> I’m using the Mac OS X widget to connect to a VPN, version 5.2.1 (1).
> Sometimes, the VPN goes down. The tail of the log from such an event
> is included at the bottom of this e-mail.

> generating CREATE_CHILD_SA request 451 [ SA No KE ]
> sending packet: from 192.168.0.8[56570] to x.x.x.x[4500] (1116 bytes)
> retransmit 1 of request with message ID 451
> [...]
> giving up after 5 retransmits
> rekeying IKE_SA failed, peer not responding

Looks like your gateway gets unreachable or does not respond to the IKE_SA rekeying attempt. Most likely a connectivity problem of that client?

> Assuming that sometimes the VPN will go down for whatever reason, is
> there a way to get at the strongSwan components from bash?

The OS X GUI talks to the backend daemon over an XPC protocol; but an external application can not access that private channel. There is currently no interface that could be used.

Probably it would make sense to handle these things in the daemon itself, by a DPD restart action and optionally a more aggressive DPD checking. Alternatively we could intercept that event in the GUI, and let the user decide what to do.

Having a "scripting-interface" is certainly not that trivial. One could build upon vici [1] (and the new Ruby bindings?) for that, but you can't control the GUI or the configurations provided by it using that interface. Also note that the daemon provided by the OS X App does not have vici enabled.

Regards
Martin

[1] https://github.com/strongswan/strongswan/blob/master/src/libcharon/plugins/vici/README.md

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
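The failure sequence in the quoted log (request, retransmits, "giving up", "rekeying IKE_SA failed") can be recognised from the log text alone. The following is an added example, not part of the original mail and not strongSwan code: it assumes the log text is piped in on stdin, and the function names `detect_rekey_failures` and `sample_log` are hypothetical.

```shell
#!/bin/sh
# Added example: reads charon log text on stdin and prints one summary
# line per failed IKE_SA rekey. Where the log lives is not stated in the
# mail, so the caller supplies the text.
detect_rekey_failures() {
    awk '
    # Return the field that follows the first field equal to word.
    function after(word,    i) {
        for (i = 1; i < NF; i++) if ($i == word) return $(i + 1)
        return ""
    }
    # A new request: remember its message ID and exchange type.
    /generating [A-Z_]+ request [0-9]+/ {
        cur = after("request")
        for (i = 2; i <= NF; i++) if ($i == "request") kind[cur] = $(i - 1)
        next
    }
    # A retransmit also names the message ID; this recovers the ID when
    # the log tail starts in the middle of an exchange.
    /retransmit [0-9]+ of request with message ID [0-9]+/ {
        cur = after("ID")
        next
    }
    /giving up after [0-9]+ retransmits/ {
        limit[cur] = after("after")
        next
    }
    /rekeying IKE_SA failed, peer not responding/ {
        printf "rekey_failed msgid=%s exchange=%s gave_up_after=%s\n",
            (cur == "" ? "unknown" : cur),
            (kind[cur] == "" ? "unknown" : kind[cur]),
            (limit[cur] == "" ? "unknown" : limit[cur])
        cur = ""
    }'
}

# Constructed sample: the log lines quoted in the mail, elision kept as is.
sample_log() {
    cat <<'EOF'
generating CREATE_CHILD_SA request 451 [ SA No KE ]
sending packet: from 192.168.0.8[56570] to x.x.x.x[4500] (1116 bytes)
retransmit 1 of request with message ID 451
[...]
giving up after 5 retransmits
rekeying IKE_SA failed, peer not responding
EOF
}

sample_log | detect_rekey_failures
```
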
