On Thu, 6 Jul 2017, Qasim Bin Mehmood wrote:
The third and fourth problems however are still there. ipsec whack --listen does not remove the VPN configured ip from the interface and it doesn’t try to reconnect. Also the connection I have found is very unreliable. It would break frequently and won’t reconnect. I have set nat-keepalive to true. I have also set dpdaction to restart. But none of these options work. Is there a way to specify a retry interval? Following is the client side configuration.
Hmm, I thought the --listen would trigger a --down, which would remove the IP?
conn xauth-psk
    authby=secret
    left=%defaultroute
    leftxauthclient=yes
    leftmodecfgclient=yes
    leftxauthusername=username
    modecfgpull=yes
    right=example.com
    rightsubnet=172.31.30.0/20
    rightxauthserver=yes
    rightmodecfgserver=yes
    rekey=no
    dpdaction=restart
    dpdtimeout=120
    dpddelay=30
    auto=start
    ike_frag=yes
    nat-keepalive=yes
Can you try setting rekey=yes on the client side?

Paul
