[strongSwan] always up VPN config

Jeff jwamsc at gmail.com
Thu Nov 9 17:46:46 CET 2017


I have requirements for a VPN which is always up. The initiator must
always be reachable from the responder. The initiator may not have a
static IP address.

I've seen recommendations for implementing this requirement on the
initiator using kernel trap, e.g.
"start_action = trap"

which also requires a separate process to keep the VPN up, with pings
from the local_ts to the remote_ts for example.

I am curious if the same goal may be met by the following IKEv2 swanctl.conf:

initiator:
dpd_delay=60s
dpd_action = restart
start_action = start
close_action = start
keyingtries=0

responder:
dpd_action=clear
dpd_delay=60s

Initial testing shows this works without a separate initiator "ping"
process, which is attractive, but I'm sure there are many corner cases
I have not considered.

Will the above config create and maintain a stable VPN?

thanks,
Jeff
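The settings quoted in the post, written out as two complete swanctl.conf files (one per host) so the option placement is visible. This is an added illustration, not configuration from the original post or from the strongSwan project; the connection names, identities, certificate file names and subnets are assumptions chosen for the example. Note that in swanctl.conf the dpd_delay and keyingtries options belong to the connection section, while start_action, close_action and dpd_action belong to the child section.

```conf
# ---- initiator (dynamic address): /etc/swanctl/swanctl.conf (example values) ----
connections {
    hq {
        version = 2
        # The responder's address is the only fixed one; local_addrs
        # defaults to %any, which suits an initiator without a static IP.
        remote_addrs = vpn.example.net
        local {
            auth = pubkey
            certs = branch-cert.pem          # assumed file under /etc/swanctl/x509
            id = branch.example.net          # assumed identity
        }
        remote {
            auth = pubkey
            id = vpn.example.net             # assumed identity
        }
        children {
            lan {
                local_ts = 10.10.0.0/24      # assumed subnets
                remote_ts = 10.20.0.0/24
                # Bring the CHILD_SA up when the config is loaded
                # (swanctl --load-all) rather than waiting for matching
                # traffic as start_action = trap would.
                start_action = start
                # If the peer deletes the CHILD_SA, re-initiate it.
                close_action = start
                # If DPD declares the peer dead, tear the SA down and
                # re-initiate it.
                dpd_action = restart
            }
        }
        # Send a DPD (empty INFORMATIONAL) after 60s without inbound traffic.
        dpd_delay = 60s
        # 0 means retry IKE_SA setup indefinitely instead of giving up
        # after the default single attempt.
        keyingtries = 0
    }
}

# ---- responder (static address): /etc/swanctl/swanctl.conf (example values) ----
connections {
    branches {
        version = 2
        # Initiators have no static address, so accept from anywhere
        # and rely on the peer identity plus its certificate.
        remote_addrs = %any
        local {
            auth = pubkey
            certs = vpn-cert.pem             # assumed file under /etc/swanctl/x509
            id = vpn.example.net
        }
        remote {
            auth = pubkey
            id = branch.example.net
        }
        children {
            lan {
                local_ts = 10.20.0.0/24
                remote_ts = 10.10.0.0/24
                # The responder cannot reach the initiator on its own, so
                # when DPD fails it just drops the dead SA and lets the
                # initiator reconnect.
                dpd_action = clear
            }
        }
        dpd_delay = 60s
    }
}
```

After loading both files with `swanctl --load-all`, `swanctl --list-sas` on either side should show the IKE_SA and the CHILD_SA established without any traffic having been sent, and `swanctl --log` on the initiator will show the DPD exchanges and, after a simulated outage, the restart.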

