主页 / server / 问题 / 1015312
Accepted
sunknudsen
Asked: 2020-05-03 04:39:59 +0800 CST

strongSwan 客户端在服务器重新启动后不会重试连接到 VPN 服务器

  • 772

这是我当前的ipsec.conf.

我需要更改什么以确保客户端无限期地重试连接到服务器。

$ cat /etc/ipsec.conf

conn %default
    ike=aes256gcm16-sha384-modp3072!
    esp=aes256gcm16-sha384-modp3072!

conn ikev2
    auto=start
    dpdaction=restart
    closeaction=restart
    keyingtries=%forever
    [email protected]
    leftsourceip=%config
    leftauth=eap-tls
    leftcert=vpn-client.crt
    right=159.203.26.109
    rightid=my-vpn.com
    rightsubnet=0.0.0.0/0
    rightauth=pubkey
ipsec strongswan

1 个回答

  1. Best Answer

    以下策略可确保始终建立连接。

    $ vi /usr/local/sbin/monitor.sh
#!/bin/bash

if ipsec status | grep --quiet ESTABLISHED
then
  echo "strongSwan connection is established"
else
  echo "strongSwan connection is not established, restarting..."
  ipsec restart
fi

$ chmod +x /usr/local/sbin/monitor.sh

$ vi /etc/crontab
* * * * * root /usr/local/sbin/monitor.sh > /dev/null 2>&1 &
    • 2

相关问题