[strongSwan] "auto = try_again_later" on DNS problems?
Harald Dunkel
harald.dunkel at aixigo.de
Tue Jul 18 16:00:07 CEST 2017
Hi Tobias,
On Fri, 14 Jul 2017 13:59:05 +0200
Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Harald,
>
> > I tried both "auto = start"
>
> You could set charon.retry_initiate_interval, then initiation will be
> tried again if the DNS resolution failed.
>
Sorry, my bad. I had expected some connection specific config
option, so I didn't look at the global options.
> > and "auto = route".
>
> I pushed a change to the child-sa-rekeying branch that addresses this.
> Unless %dynamic is used in the remote traffic selector (the default if
> rightsubnet is not set) no remote address is needed when the trap policy
> is installed during startup of the daemon. However, later the remote
> address has obviously to be known to actually establish the SAs (if the
> remote is not resolvable, the option above could again be enabled, but
> with trap policies new acquires will be triggered anyway later when
> traffic matches).
>
That's very interesting. I will try.
Thanx very much
Harri
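
The two settings discussed in this thread, as an added configuration sketch that is not part of the original messages: the retry option is a global `charon` setting in strongswan.conf, while `auto` and `rightsubnet` are per-connection settings in ipsec.conf. The file paths are those of a default install; the connection name, hostname, subnets and the 30-second value are constructed placeholders.

```conf
# /etc/strongswan.conf -- global daemon options, not per-connection
charon {
    # Seconds to wait before retrying initiation after a failure such as
    # an unresolvable peer hostname. The default of 0 disables retries.
    retry_initiate_interval = 30
}

# /etc/ipsec.conf -- per-connection options
conn site-to-site                  # constructed connection name
    left=%any
    leftsubnet=10.1.0.0/16         # constructed local subnet
    right=vpn.example.org          # constructed peer hostname, resolved via DNS
    # Explicit remote traffic selector. If rightsubnet is omitted, the
    # default is %dynamic, which needs the remote address to be known.
    rightsubnet=10.2.0.0/16        # constructed remote subnet
    # Install a trap policy at daemon startup; matching traffic triggers
    # an acquire, and the peer address is resolved at that point.
    auto=route
```

Installing the trap policy without a resolvable remote address relies on the change Tobias describes in the child-sa-rekeying branch.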