[strongSwan] had to manually up a connection

Thu Mar 5 12:03:18 CET 2020

Dear Colleagues,

There was a power outage, the Mikrotik router at home was powered off
for several hours. Then it was powered on again but there was no IPSec
SA from work (Strongswan) to home (Mikrotik).

I had to run "ipsec up home" at work to make things work again. Why did
the SA not start automatically when the Mikrotik became available again?

This is the relevant Strongswan config (yes the Strongswan at work is
behind NAT).

conn home
    auto=start
    authby=secret
    dpddelay=10s
    dpdaction=restart
    esp=aes256-sha1-modp2048
    ike=aes256-sha1-modp2048
    ikelifetime=1h
    lifetime=10m
    keyexchange=ikev2
    type=transport
    left=10.10.10.5
    right=y.y.y.y
    leftprotoport=47
    rightprotoport=47

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/