Hi,
Thank you all for responding. In my case, I don't think it was related
to having mulitple child SAs per connection. Most of my connections do,
but I found at least one case with only one child SA, where the problem
was present. In any case, I followed Tom's and Noel's advice and set
a
Hi,
That's because charon doesn't reestablish tunnels in any case, like pluto did.
Use auto=route, instead of auto=start.
An example of such a case is if the other peer deletes the iKE SA or CHILD SA
without establishing a new one at the same time.
You can have different IKE SAs for CHILD_SAs by
On Wed, Mar 07, 2018 at 10:52:54AM +0100, Martijn Grendelman wrote:
> I have been running StrongSwan on Debian Wheezy (with StrongSwan 4.5.2)
> for a long time.
[...]
> Last week, I upgraded the system to Debian Stretch (with StrongSwan
> 5.5.1), and since then, a number of tunnels (but not all of
Hi Tom,
Thank you, I will give that a try. I also updated StrongSwan to v5.6.2.
Let's see if it helps!
Best regards,
Martijn.
Op 7-3-2018 om 16:35 schreef Tom Rymes:
> Martin,
>
> I can't help with the more technical portions of your query, but I can
> confirm that using auto=route has proven to
Martin,
I can't help with the more technical portions of your query, but I can confirm
that using auto=route has proven to be more reliable than auto=start, as a
dropped tunnel seems more likely to be brought back up automatically.
I had asked specifically about that setting a few years ago, an
Hi,
I have been running StrongSwan on Debian Wheezy (with StrongSwan 4.5.2)
for a long time. We have about 70 ESP tunnels with 19 different
endpoints, most of them IKEv1. The setup has been rock solid for years,
with tunnel outages being extremely rare, and almost always the remote
side's fault.
