[strongSwan] had to manually up a connection
Victor Sudakov
vas at sibptus.ru
Tue Mar 10 03:49:18 CET 2020
Felipe Polanco wrote:
> I always use auto=route or start_action=trap and just keep a ping
> running in the background for critical UDP traffic.
>
> I know it's a poor's man solution but guarantees the connection is always
> up.
Does this not cause excessive SAs piling up? I've seen a similar
problem with Strongswan on my side and a MikroTik on the remote side:
too many excessive SAs in "ipsec status" output and in MikroTik's
management console.
My theory was that each trapped packet causes a new SA to be
attempted/generated until some limit is hit or some resource is
exhausted.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
More information about the Users
mailing list