[strongSwan] had to manually up a connection

Victor Sudakov vas at sibptus.ru
Fri Mar 6 11:56:31 CET 2020


Tobias Brunner wrote:
> 
> > That could be the case, thanks for the hint. Strongswan could have made 3
> > attempts after detecting a dead peer and given up, is that what you
> > imply?
> 
> Yes.
> 
> > What's the timeout between keyingtries?
> 
> No timeout between them, regular retransmission timeouts apply for each
> attempt.
> 
> > And why is
> > `keyingtries=%forever` not the default?
> 
> Who knows, legacy reasons maybe (on the other hand, the default is 1 now
> with swanctl.conf).
> 
> > Is there no need for `keyingtries=%forever` in the `auto=route` mode?
> 
> Further traffic will trigger another acquire (it might even cause
> duplicate SAs if a retry occurs while traffic triggers another acquire
> from the kernel).

Thank you very much Tobias, I've learned a lot from this conversation.

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
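
Added example, not part of the original message or of strongSwan's code: since the retries run back to back and each one follows the regular retransmission schedule, the time until a finite keyingtries is exhausted can be estimated as below. The retransmit_* values are assumed to be strongSwan's documented strongswan.conf defaults (they are not stated in this thread), and jitter and any configured limit are ignored.

```python
"""Estimate how long charon keeps trying before it gives up on a peer."""

# Assumed values: strongSwan's documented charon defaults for
# retransmit_timeout, retransmit_base and retransmit_tries.
# Replace them with the values from your own strongswan.conf.
RETRANSMIT_TIMEOUT = 4.0   # seconds before the first retransmit
RETRANSMIT_BASE = 1.8      # exponential backoff base
RETRANSMIT_TRIES = 5       # retransmits sent before an attempt is abandoned


def attempt_waits(timeout=RETRANSMIT_TIMEOUT, base=RETRANSMIT_BASE,
                  tries=RETRANSMIT_TRIES):
    """Waits of one attempt: after the initial send, then after each retransmit.

    The last entry is the wait after the final retransmit, at the end of
    which the attempt is declared failed.
    """
    return [timeout * base ** n for n in range(tries + 1)]


def attempt_duration(timeout=RETRANSMIT_TIMEOUT, base=RETRANSMIT_BASE,
                     tries=RETRANSMIT_TRIES):
    """Seconds one keying attempt takes against a silent peer."""
    return sum(attempt_waits(timeout, base, tries))


def give_up_after(keyingtries, timeout=RETRANSMIT_TIMEOUT,
                  base=RETRANSMIT_BASE, tries=RETRANSMIT_TRIES):
    """Seconds until the connection is abandoned.

    keyingtries=0 stands for %forever here and returns None (never gives up).
    No pause is added between attempts, as described in the thread.
    """
    if keyingtries < 0:
        raise ValueError("keyingtries must be >= 0")
    if keyingtries == 0:
        return None
    return keyingtries * attempt_duration(timeout, base, tries)


if __name__ == "__main__":
    print("waits per attempt:", [round(w, 1) for w in attempt_waits()])
    for tries in (1, 3, 0):
        total = give_up_after(tries)
        label = "%forever" if tries == 0 else str(tries)
        print(f"keyingtries={label}: "
              + ("never gives up" if total is None else f"{total:.0f} s"))
```

With these assumed defaults, three attempts are exhausted after a bit more than eight minutes of peer silence, after which the connection stays down until it is brought up manually or traffic triggers a new acquire.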