[strongSwan] Establishing CHILD_SA after one end of ipsec tunnel reboots
Michael C. Cambria
mcc at fid4.com
Tue Dec 16 21:27:55 CET 2014
Hi,
I'm looking for info on allowing a site to site IPsec tunnel to be
re-established after an outage (e.g. one end of the tunnel reboots.)
On the surviving end, the IKEv2 SA looks like it detected the dead peer
("Tasks active: IKE_DPD")
Once the rebooting system recovers, a new IKEv2 SA is established.
But a new CHILD_SA cannot be created for some time. Are there any
configuration parameters related to when a new SA can be established?
Thanks,
MikeC
More information about the Users
mailing list