26.12.2018 11:13, valentin vlasov пишет:
Hello Dmitry,
1. I have the same problem with a centos <> cisco asa connection with
the same behaviour.
Can you tell me please what are your final settings for ikelifetime,
keylife and rekeymargin?
ikelifetime the same as configured on asa- 28800s
keylife and rekeymargin - default values ( 8h and 9m if I remember
correctly) , i.e. not configured
2. With what periodicity do you run that testing script?
*/5 but I have backup channels, so if channel is not available downtime
will be just about 40s- ospf dead timer...
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
