Comment 2 for bug 1751379

I've ended up with a combination of a leftupdown script which is modified to not unconfigure the interface, plus a cron job which checks the output of birdc show protocols all and runs ipsec auto --down [tunnelname] then waits ten seconds and runs ipsec auto --up [tunnelname] if bird reports a failure, which finally seems to be an adequate workaround for achieving a reasonable approximation the desired stability.

That cron job is relatively recent, and I have not done testing to determine whether the cron job makes the modified leftupdown script obsolete.

An earlier version of the cron job relied on looking at the output of ipsec status to determine whether a tunnel was working, and in some cases that led to the script not restarting a tunnel that needed to be restarted.

The startup at boot order problem mentioned in this bug report has not occurred recently.