Hi Vivek, > Now in this Scenario when the stack has exhausted the Max. No. of > retries and the SA is still not established, How can we make the stack > recover. i.e.when the problem is fixed(destination becomes reachable), > how can we make the stack to retry SA establishment.
You can set 'keyingtries = %forever' for that connection in ipsec.conf then charon will start the initiation anew after it reached the maximum number of retransmissions. This setting is only relevant for the initiation of an IKE SA, though. If you want your connection to stay up, you will also want to activate DPD by adding 'dpdaction = restart' and most likely 'dpddelay = <time>' to the config. Regards, Tobias -- ====================================================================== Tobias Brunner tob...@strongswan.org strongSwan - the Linux VPN Solution! http://www.strongswan.org ====================================================================== _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
