Thanks for the reply.
I'll change the key values to the longer ones and monitor to see what happened.
I also noticed that I had duplicate subnets in there 10.2.166.0/26.
I'll let you know how I get on.
From: Paul Wouters [mailto:p...@nohats.ca]
Sent: 20 September 2016 17:18
To: Madden, Joe
Subject: Re: [Swan] Stronswan / Libreswan - Tunnel disconnects and becomes
On Tue, 20 Sep 2016, Madden, Joe wrote:
> Just trying to resolve an issue we have with VPNs disconnecting from a
> strongSwan client.
> When I restart my end of the VPN the VPNs establish and operate fine.
> After a random amount of time with no apparent user action some of the
> VPN tunnels will become “prospective erouted”
You didn't provide any logs, so we have no idea of what is actually happening.
Are they hanging up? Are you hanging up? Are they trying to rekey to you? The
only thing we know is that this is ikev1, so it does not relate to rekeying
> keylife= 60m
> ikelifetime= 480m
You could try and change these timings. A 1h IPsec SA lifetime is pretty short
- usually these are kept at 8h or 24h. It does not matter too much other than
that you can tweak these to determine who gets to initiate the rekeying
(whoever has the shortest keylife).
But check your logs to see what is going on when the failure is happening.