[strongSwan] Problem with 'auto=start' on unused SA

[Romain Francoise]

On Thu, Jul 31, 2014 at 09:42:07AM +0200, Martin Willi wrote:
> For always-up tunnels, I usually recommend to use auto=route. This makes
> sure no matching traffic leaves unencrypted, and the kernel will trigger
> a new SA should an existing one fail for whatever reason.

With the caveat that the packet which springs the trap is lost, at least
in current versions of Linux.