Swanctl keeps on disconnecting after a short time of being idle.

[SW1TCH0NY0U]

My config:

swanctl:

connections {
privado {
version = 2

proposals = aes192gcm16-aes128gcm16-prfsha256-ecp256-ecp521,aes192-sha256-modp3072,default
local_addrs = "%defaultroute"
remote_addrs = ams-001.vpn.privado.io
vips=0.0.0.0,::

local {
auth = eap-mschapv2
eap_id = username
}
remote {
auth = pubkey

cacerts=/etc/swanctl/NordVPN.pem ### nordvpn cert

id = "%any"
}

children {
privado {
remote_ts = 0.0.0.0/0,::
updown = /etc/vpn
if_id_out = %unique
if_id_in = %unique
rekey_time = 0s
dpd_action = restart
esp_proposals = aes192gcm16-aes128gcm16-prfsha256-ecp256-modp3072,aes192-sha256-ecp256-modp3072,default
start_action = start
}
}
}
}
secrets {
eap-mschapv2 {
id = username
secret = password
}
}

include conf.d/*.conf

/etc/vpn:

set charon.install_virtual_ip = no to prevent the daemon from also installing the VIP

sh /etc/route &

set -o nounset
set -o errexit

VTI_IF="Virt0"

case "${PLUTO_VERB}" in
up-client)
ip link add "${VTI_IF}" type xfrm dev eth0
if_id "${PLUTO_IF_ID_OUT}"
#ip addr add 10.99.12.1/32 dev "${VTI_IF}"
ip addr add "${PLUTO_MY_SOURCEIP}" dev "${VTI_IF}"
ip link set "${VTI_IF}" mtu 1200
ip link set "${VTI_IF}" up
#ip route add "${PLUTO_MY_SOURCEIP}" dev "${VTI_IF}"
sysctl -w "net.ipv4.conf.${VTI_IF}.disable_policy=1"
ip rule add from "${PLUTO_MY_SOURCEIP}" lookup vpnout
ip route add default dev "${VTI_IF}" table vpnout

;;
down-client)
ip link del "${VTI_IF}"
;;
esac

/etc/route

sleep 4
ip route add 10.0.0.1/32 dev wg0 table vpnout
ip rule add from 10.0.0.1/32 table vpnout
ip rule add to 10.0.0.1/32 table vpnout

constraints:

constraints {

# Whether to load the plugin. Can also be an integer to increase the
# priority of this plugin.
load = no

}

ipsec. secrets:

This file holds shared secrets or RSA private keys for authentication.

RSA private key for this host, authenticating it to any other host

which knows the public part.

username : EAP password

I reboot, swanctl autostarts but after being idle, it disconnects. I can bring it back up with:

sudo swanctl --load-all
sudo swanctl -i -c privado

How can I stop it from disconnecting?
I've tried everything I can think of!

[tobiasbrunner]

Please updated your post and provide logs that show what's actually happening (see #196). (And you could fix the formatting as well.)

[SW1TCH0NY0U]

Where do you want the log uploaded to?
It's too big for Github and too big for debian's paste.

[SW1TCH0NY0U]

Where do I put this?

"dpdaction = restart"

In /etc/swanctl/swanctl.conf OR /etc/strongwan.conf?

[SW1TCH0NY0U]

loading connection 'privado' failed: unknown option: closeaction, config discarded

[SW1TCH0NY0U]

Added this:

strongswan.conf - strongSwan configuration file

Refer to the strongswan.conf(5) manpage for details

Configuration changes should be made in the included files

charon {
load_modular = no
threads = 16
force_keepalive = yes
keep_alive = 30
dpdaction = restart
closeaction = restart
plugins {
include strongswan.d/charon/*.conf
}
start-scripts {
load-all = /usr/sbin/swanctl --load-all
}
}

charon {

two defined file loggers

filelog {
charon {
# path to the log file, specify this as section name in versions prior to 5.7.0
path = /var/log/charon.log
# add a timestamp prefix
time_format = %b %e %T
# prepend connection name, simplifies grepping
ike_name = yes
# overwrite existing files
append = no
# increase default loglevel for all daemon subsystems
default = 2
# flush each line to disk
flush_line = yes
}
stderr {
# more detailed loglevel for a specific subsystem, overriding the
# default loglevel.
ike = 2
knl = 3
}
}

and two loggers using syslog

syslog {
# prefix for each log message
identifier = charon-custom
# use default settings to log to the LOG_DAEMON facility
daemon {
}
# very minimalistic IKE auditing logs to LOG_AUTHPRIV
auth {
default = -1
ike = 0
}
}

...

}

include strongswan.d/*.conf

[SW1TCH0NY0U]

Seems to be "up" and I'll idle for 10 minutes or so to see if it disconnects.
Sorry if I came off the wrong way, been having this issue for a while hence the thread on Github. 👯

[SW1TCH0NY0U]

Seems to be staying up. No disconnections yet. Thanks 💯😊

[SW1TCH0NY0U]

Hi, it's still disconnecting. I'll try and post logs.

…

On Mon, 15 Apr 2024, 6:26 pm Tobias Brunner, ***@***.***> wrote: Sorry, but why should I or anybody else do your work? — Reply to this email directly, view it on GitHub <#2212 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/BGCCBNTKXII7CGI5RXL7GO3Y5QETXAVCNFSM6AAAAABGG6GOHSVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4TCMRRGI3TE> . You are receiving this because you authored the thread.Message ID: ***@***.***>