[strongSwan] Intermittent drop-out of VPN connection

Chris Smith space.dandy at icloud.com
Mon Oct 19 13:30:55 CEST 2020


Hi Noel,

I’ve made those changes and it seems to have resolved my issue.  Thanks for your help.

Regards,
Chris
—
Chris Smith <space.dandy at icloud.com>


> On 17 Oct 2020, at 14:35, Noel Kuntze <noel.kuntze at thermi.consulting> wrote:
> 
> Hi,
> 
> Configure your own side with lower reauth and rekey times than the other peer.
> Currently the other peer tries to reauth which fails because you're using the insecure aggressive mode. strongSwan by default rejects other peers' authentication requests if they're using aggressive mode.
> A reauthentication is basically creating a new IKE_SA from scratch, so that behavior applies.
> 
> Just configure your client with lower rekey and reauth times. That's simpler than globally enabling aggressive mode.
> 
> Kind regards
> 
> Noel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20201019/2af300c0/attachment.html>


More information about the Users mailing list