[strongSwan] had to manually up a connection
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Thu Mar 5 16:01:56 CET 2020
Hello Victor,
You configured it to start, not to try to reinitiate. Use auto=route for the latter. It will try to reestablish when there's packets for it then though, not immediately.
Kind regards
Noel
Am 05.03.20 um 12:03 schrieb Victor Sudakov:
> Dear Colleagues,
>
> There was a power outage, the Mikrotik router at home was powered off
> for several hours. Then it was powered on again but there was no IPSec
> SA from work (Strongswan) to home (Mikrotik).
>
> I had to run "ipsec up home" at work to make things work again. Why did
> the SA not start automatically when the Mikrotik became available again?
>
> This is the relevant Strongswan config (yes the Strongswan at work is
> behind NAT).
>
> conn home
> auto=start
> authby=secret
> dpddelay=10s
> dpdaction=restart
> esp=aes256-sha1-modp2048
> ike=aes256-sha1-modp2048
> ikelifetime=1h
> lifetime=10m
> keyexchange=ikev2
> type=transport
> left=10.10.10.5
> right=y.y.y.y
> leftprotoport=47
> rightprotoport=47
>
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200305/aec6f5cc/attachment.sig>
More information about the Users
mailing list