[strongSwan] "auto = try_again_later" on DNS problems?

Tobias Brunner tobias at strongswan.org
Fri Jul 14 13:59:05 CEST 2017


Hi Harald,

> I tried both "auto = start"

You could set charon.retry_initiate_interval, then initiation will be
tried again if the DNS resolution failed.

> and "auto = route".

I pushed a change to the child-sa-rekeying branch that addresses this.
Unless %dynamic is used in the remote traffic selector (the default if
rightsubnet is not set) no remote address is needed when the trap policy
is installed during startup of the daemon.  However, later the remote
address obviously has to be known to actually establish the SAs (if the
remote is not resolvable, the option above could again be enabled, but
with trap policies new acquires will be triggered anyway later when
traffic matches).

Regards,
Tobias

