Hi, > clients will not try to reestablish the connection anytime soon. Can > this behavior be changed There is a daemon-internal "close action" in charon that tries to reestablish remotely closed tunnels. It has no directly mapped ipsec.conf option, but setting dpdaction=restart will implicitly set the "close action", too. Regards Martin