[strongSwan] Problem with 'auto=start' on unused SA

[Martin Willi]

> As far as I understand, there is no way to keep a tunnel up and running
> forever?

A tunnel can fail for many reasons, and auto=start only takes care for
initiating the tunnel during startup.

For always-up tunnels, I usually recommend to use auto=route. This makes
sure no matching traffic leaves unencrypted, and the kernel will trigger
a new SA should an existing one fail for whatever reason.

Regards
Martin