[strongSwan-dev] Auto-recovery
Noam Lampert
lampert at google.com
Wed Nov 26 14:34:27 CET 2014
Hi,
In cases where my tunnels don't establish due to some environment error, I would
like my VPN to continue trying to establish so that if the environment
error is fixed, the tunnel will re-establish.
It seems that auto=start doesn't have this behavior, and if the peer
doesn't respond, strongSwan eventually gives up and enters a passive state.
Is there some configuration that I missed?
I tried adding a thread that periodically calls
charon->controller->initiate(). However, sometimes this can cause two
IKE_SAs (with appropriate CHILD_SAs) to get initiated. Since I have
UNIQUE_REPLACE, the peer silently drops the first IKE_SA, causing a
mismatch on the CHILD_SAs and then outgoing traffic gets blackholed.
Shouldn't establishing an IKE_SA with UNIQUE_REPLACE cause the duplicate
IKE_SAs to also get dropped on the initiator side?
Thanks,
Noam