[strongSwan] OPNsense - phase 2 SAs being dropped for no apparent reason

[Tobias Brunner]

Hi Patrick,

> The phase 1 entries are all set to "start immediately" - these are all 24x7
> pre-configured connections, though we use IKE, of course, and not manual SPDs.

If there always is outbound traffic from your side, change the config to 
something that results in auto=route instead of auto=start, so the 
tunnel will automatically get (re-)created on matching traffic.  But 
investigating why it gets closed by the peer in the first place might 
also be worthwhile (might be some inactivity timeout, which would 
contradict the "always traffic" claim, or an issue during rekeying - 
you'll have to analyze the logs).

Regards,
Tobias