[strongSwan] had to manually up a connection
Victor Sudakov
vas at sibptus.ru
Fri Mar 6 11:30:41 CET 2020
Tobias Brunner wrote:
>
> > I'd like to understand why.
>
> Then read the log. What's definitely missing from your config is
> `keyingtries=%forever`.
That could be the case, thanks for the hint. Strongswan could have made 3
attempts after detecing a dead peer and given up, is that what you
imply?
What's the timeout between keyingtries? And why is
`keyingtries=%forever` not the default?
> And there could have been a fatal error, after
> which no further attempts will be made at all. Also, using `auto=route`
> (with `dpdaction=clear`) would also recreate the SA if matching traffic
> occurs.
Is there no need for `keyingtries=%forever` in the `auto=route` mode?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200306/5c820548/attachment.sig>
More information about the Users
mailing list