Hi Martin and Andreas, Hi all,
I found the IPsec tunnel will be "broken" unexpectly after a long time no data pass through it. And I have enabled DPD mechanism in ipsec.conf as followed: Keyingtries=%forever ... dpdaction=clear dpdtimeout=5m dpddelay=10 .... I only configured DPD on peer side. And when IPsec tunnel "broken", the "ipsec statusall" still work and the result indicate that the IPsec tunnel is still on work but I can not ping the server side from peer side. Did other guys encounter this problem? and How can I do something to make the IPsec tunnel high available? Best Regards, David _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users