I've got a host-to-host connection that should be kept alive 24/7. machine 1: config setup plutostart=no # IKEv1 charonstart=yes # IKEv2 nat_traversal=no
# Add connections here. # Sample VPN connections conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=%forever keyexchange=ikev2 dpdaction=hold mobike=no conn server1 left=XX.X.XX.XX leftcert=server1-cert.pem left...@server1.xxx.com right=YY.YY.YY.YY right...@server2.xxx.com auto=start server2: config setup plutostart=no # IKEv1 charonstart=yes # IKEv2 nat_traversal=no # Add connections here. # Sample VPN connections conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=%forever keyexchange=ikev2 dpdaction=clear mobike=no conn server12 left=YY.YY.YY.YY leftcert=server2-cert.pem left...@server2.xxx.com right=XX.XX.XX.XX right...@server1.xxx.com auto=add when i start ipsec on both sides it works for a few minutes, then it just doesnt any longer, although the SAs are still alive. server2[2]: ESTABLISHED 11 minutes ago, XX.XX.XX.XX[server1.XXX.com]...YY.YY.YY.YY[server2.XXX.com] server2{2}: INSTALLED, TUNNEL, ESP SPIs: cb043689_i c4ecff51_o server2{2}: XX.XX.XX.XX/32 === YY.YY.YY.YY/32 But no traffic flow can be established. Logs gives me errors like these: Sep 2 02:44:30 server1 charon: 11[KNL] querying policy failed: No such file or directory (2) I have to restart the whole daemon on server1 to get the traffic flowing again.. for a few minutes. Any ideas? _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users