[strongSwan] Persistent SA's
Martin Willi
martin at strongswan.org
Tue Oct 2 09:13:29 CEST 2012
Hi Kimmo,
> The question is, how to improve Server 1 ipsec.conf to be able to keep
> SA's up always without manual interaction? I don't have access to
> server 2.
For always-up tunnels, I usually prefer to install trap policies that
automatically re-establish the tunnel if it should fail for whatever
reason:
closeaction=close
dpdaction=close
auto=route
You'll have to send some traffic to trigger the tunnel initially. But
the trap policy will stay installed and make sure your tunnel does, too.
Regards
Martin
More information about the Users
mailing list