[strongSwan] had to manually up a connection
Tobias Brunner
tobias at strongswan.org
Fri Mar 6 11:47:41 CET 2020
Hi Victor,
> That could be the case, thanks for the hint. Strongswan could have made 3
> attempts after detecing a dead peer and given up, is that what you
> imply?
Yes.
> What's the timeout between keyingtries?
No timeout between them, regular retransmission timeouts apply for each
attempt.
> And why is
> `keyingtries=%forever` not the default?
Who knows, legacy reasons maybe (on the other hand, the default is 1 now
with swanctl.conf).
> Is there no need for `keyingtries=%forever` in the `auto=route` mode?
Further traffic will trigger another acquire (it might even cause
duplicate SAs if a retry occurs while traffic triggers another acquire
from the kernel).
Regards,
Tobias
More information about the Users
mailing list