On Tue, 20 Sep 2016, Madden, Joe wrote:

Just trying to resolve an issue we have with VPN’s disconnecting from a 
Stronswan client.

When I restart my end of the VPN the VPNs establish and operate fine. After a 
random amount of time with no apparent user action the some of the VPN tunnels 
will become “prospective

you didnt provide any logs, so we have no idea of what is actually
happening. Are they hanging up? Are you hanging up? Are they trying
to rekey to you? The only thing we know is that this is ikev1, so
it does not relate to rekeying without authentication.

        keylife=        60m
        ikelifetime=    480m

You could try and change these timings. An 1h IPsec SA lifetime is
pretty short - usually these are kept at 8h or 24h. It does not
matter too much other than that you can tweak these to determine
who gets to initiate the rekeying (whoever has the shortest keylife)

But check your logs to see what is going on when the failure is

Swan mailing list

Reply via email to