[strongSwan] Lots of reconnections for a rekey/reauth, and packet drops

Hoggins! hoggins at radiom.fr
Tue Dec 5 17:54:17 CET 2017


Actually, I might be ending here : https://wiki.strongswan.org/issues/2446
It looks really familiar.

Le 05/12/2017 à 16:26, Hoggins! a écrit :
> Hello Tobias,
>
> Le 05/12/2017 à 15:54, Tobias Brunner a écrit :
>> Using auto=start on both ends in combination with uniqueids=yes and
>> closeaction=restart is a bad idea.  If a duplicate SA is created and
>> that's detected and the duplicate is then closed this deletion will
>> again trigger another SA, causing another duplicate and so on.
>>
>> Regards,
>> Tobias
>>
> I see your point. The thing is now I have removed on both ends the
> closeaction=restart.
> In addition to that, should I use auto=route on both ends ?
>
> My last experience with auto=route unfortunately showed that it was "not
> working", meaning that no matter what I did to try to trigger tunnel
> creation by sending traffic to the other peer, the tunnel was never
> started automatically, hence the auto=start.
>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171205/f219d00f/attachment.sig>


More information about the Users mailing list