Hi, In cases my tunnels don't establish due to some environment error, I would like to my VPN to continue trying to establish so that if the environment error is fixed, the tunnel will re-establish.
It seems that auto=start doesn't have this behavior, and if the peer doesn't respond, strongswan eventually gives up and enters a passive state. Is there some configuration that I missed? I tried adding a thread that periodically calls charon->controller->initiate(). However, sometimes this can cause two IKE_SAs (with appropriate CHILD_SAs) to get initiated. Since I have UNIQUE_REPLACE, the peer silently drops the first IKE_SA, causing a mismatch on the CHILD_SAs and then outgoing traffic gets blackholed. Shouldn't an IKE_SA establish with UNIQUE_REPLACE cause the dupliate IKE_SAs to get dropped also on the initiator side? Thanks, Noam
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
