1

I have a connection configured on my libreswan instance on two machines.

The connection starts automatically when I start the pluto daemon. I have tried other settings, but the connection also starts if I do a ping and the service is up. However, I want it to remain disabled until I explicitly tell it to be up with ipsec auto --up <name>. Is it possible?

Also, once the connection is started, there is no way to shut it down. ipsec auto --down <name> appears to do nothing, since the connection is started again automatically a few seconds after the command. How can I shut it down until I want it up again?

Thanks for your help

EDIT:

This is the connection file:

/etc/ipsec.d/host_to_host.conf

    conn h2h
        leftid=@a
        left=192.168.137.14
        leftrsasigkey=****
        rightid=@b
        right=192.168.1.45
        rightrsasigkey=****
        authby=rsasig
        auto=ondemand
3
  • Does stopping pluto not down the connection? It does in my case.
    – EEAA
    Commented Jan 11, 2016 at 13:20
  • @EEAA If I use down on host a, the connection will be down; however, two things can happen: the connection will start automatically again in a few seconds, or I can no longer connect to host b at all (no ping response).
    – Colanta
    Commented Jan 11, 2016 at 13:25
  • What about stopping Pluto, as I asked? If pluto is down, there is no way for the connection to be re-established, as IKE can't happen.
    – EEAA
    Commented Jan 11, 2016 at 13:28

1 Answer

2

auto=ondemand means "trigger when there is a need for the tunnel based on a packet". So it will load and wait on the first packet, then bring up the tunnel.

If you only want to bring it up manually, use auto=add. If you want to have it always on, use auto=start.

1
  • 1
    Hello, thanks for your help, that solved the start issue, but do you know how to end the connection? For example, I stop the service, or use down on one host, and I lose connectivity until I stop the service on the other side or reboot the hosts.
    – Colanta
    Commented Jan 21, 2016 at 14:14
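
The following is an added example, not part of the original question or answer: a shell function that reads libreswan connection files and reports, for each conn, whether its auto= value leaves the tunnel manual (add), brings it up on traffic (ondemand, or its alias route) or brings it up at startup (start). The function names, the output labels and the sample file are constructed for illustration.

```shell
#!/bin/sh
# classify_auto FILE...: print "<conn> <auto value> <behaviour>" per conn section.
classify_auto() {
    awk '
        function report() {
            if (conn == "") return
            if (mode == "") mode = "ignore"     # no auto= line: nothing happens at startup
            if (mode == "add") what = "manual"  # loaded only; needs ipsec auto --up <name>
            else if (mode == "ondemand" || mode == "route") what = "on-traffic"
            else if (mode == "start") what = "on-startup"
            else if (mode == "ignore") what = "not-loaded"
            else what = "unknown"
            print conn, mode, what
        }
        /^[ \t]*#/ { next }                                   # comment line
        /^[ \t]*config[ \t]+/ { report(); conn = ""; next }   # "config setup" ends a conn
        /^[ \t]*conn[ \t]+/ { report(); conn = $2; mode = ""; next }
        /^[ \t]*auto[ \t]*=/ && conn != "" {
            split($0, kv, "="); v = kv[2]
            sub(/#.*/, "", v); gsub(/[ \t\r]/, "", v)         # drop trailing comment, spaces
            mode = v
        }
        END { report() }
    ' "$@"
}

# demo: run the check on a constructed file modelled on the h2h connection above.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
# constructed sample (keys omitted)
conn h2h
    left=192.168.137.14
    right=192.168.1.45
    authby=rsasig
    auto=ondemand
conn h2h-manual
    left=192.168.137.14
    right=192.168.1.45
    authby=rsasig
    auto=add
EOF
    classify_auto "$tmp"
    rm -f "$tmp"
}

demo
```

On a real host the function would be called as classify_auto /etc/ipsec.d/*.conf; any conn reported as on-traffic will be initiated by the first matching packet, which is the behaviour described in the question.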
