Hi, I had a query regarding creating proposals in IKE_INIT message in strongswan.
Once charon is spawned, is it possible to change the encryption algorithms in th proposal, without killing strongswan? More generally , is there a possibility to change the configuration provided in ipsec.conf, after charon is spawned? Regards, Vivek On 7/17/09, Tobias Brunner <tob...@strongswan.org> wrote: > Hi Vivek, > >> Now in this Scenario when the stack has exhausted the Max. No. of >> retries and the SA is still not established, How can we make the stack >> recover. i.e.when the problem is fixed(destination becomes reachable), >> how can we make the stack to retry SA establishment. > > You can set 'keyingtries = %forever' for that connection in ipsec.conf > then charon will start the initiation anew after it reached the maximum > number of retransmissions. This setting is only relevant for the > initiation of an IKE SA, though. If you want your connection to stay > up, you will also want to activate DPD by adding 'dpdaction = restart' > and most likely 'dpddelay = <time>' to the config. > > Regards, > Tobias > > -- > ====================================================================== > Tobias Brunner tob...@strongswan.org > strongSwan - the Linux VPN Solution! http://www.strongswan.org > ====================================================================== > _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
