> Am 17.08.2022 um 12:11 schrieb
> noel.kuntze+strongswan-users-ml@thermi.consulting:
>
> Hi all,
>
> Regarding traps:
> All supported OS can do that. It's not special.
> Auto=start does not install these traps.
> If the tunnel is terminated you will not have any policies. Not even traps.
>
> Am 17.08.2022 um 10:41 schrieb
> noel.kuntze+strongswan-users-ml@thermi.consulting:
>
> Hi all,
>
> Dpd and nat keepalive only work on IKE layer, not on the CHILD_SAs that you
> want.
I didn’t tell in my first post, that I checked the SA dumps on both sides of a
nonworking tunnel using
> Am 17.08.2022 um 10:45 schrieb Michael Schwartzkopff :
>
> On 17.08.22 15:35, Dr. Rolf Jansen wrote:
>> I know what DPD is. Years ago, I used it with the old racoon of the
>> ipsec-tools then with IKEv1, and in racoon.conf I set the dpd_delay and let
>> it after dpd_maxfail call a script with
Hi all,
Dpd and nat keepalive only work on IKE layer, not on the CHILD_SAs that you
want.
Use auto=route, then bring up the tunnel manually once. Auto=route makes
strongswan install trap policies for the traffic. That should improve
reliability.
The newest release brought a new value for
I know what DPD is. Years ago, I used it with the old racoon of the ipsec-tools
then with IKEv1, and in racoon.conf I set the dpd_delay and let it after
dpd_maxfail call a script with the pahse1_dead argument.
Some times ago, I read the manual ipsec.conf of strongSwan, and I did not
realize
Hello,
The IKEv2 tunnels are established between device controllers in a remote pilot
plant in Spain, which is connected to the internet by a G4 mobile router, and
an AWS-EC2 instance in Frankfurt. On both sides strongSwan v5.9.6 is installed
and the OS is FreeBSD 13.0-RELEASE. Both sides are