Hi, Configure your own side with lower reauth and rekey times than the other peer. Currently the other peer tries to reauth which fails because you're using the insecure aggressive mode. strongSwan by default rejects other peers' authentication requests if they're using aggressive mode. A reauthentication is basically creating a new IKE_SA from scratch, so that behavior applies.
Just configure your client with lower rekey and reauth times. That's simpler than globally enabling aggressive mode. Kind regards Noel Am October 16, 2020 11:09:29 AM UTC schrieb Chris Smith <space.da...@icloud.com>: >Hi, > >[re-sending with trimmed down charon.log to fit mailing list size >limits.] > >I have a VPN connection which is generally stable, but occasionally >(2-3 times per day) will drop out for a short period after what seems >to be some disagreement between client and server. The logs attached >show an example of this, where the connection fails around 18:24:35 and >is restored around a minute later. > >I’m using strongSwan 5.7.2 on the client. I have no information or >control over what is running on the server. > >I’d be grateful for any clues as to exactly what is happening and how >to correct it. > >Regards, >Chris >— >Chris Smith <space.da...@icloud.com> -- Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
