On Thu, Dec 24, 2009 at 2:22 PM, Daniel Mentz <danielml+mailinglists.strongs...@sent.com> wrote: > Hello Andreas Steffen, > > this is an interesting topic. I'm wondering whether people should be advised > to add > > dpdaction=hold > > to their ipsec.conf.
what would that do? > I tried to setup a configuration that is similar to Andreas Schuldei's. The > thing that was special about my setup is that it uses an ADSL dialup > connection that disconnects every 24 hours. As a result, the ppp0 interface > disappears and reappears shortly after. > > The problem I experienced was that the tunnel did not survive this short > outage and strongSwan failed the connection. What made me worry is that > strongSwan deleted the IPsec policy completely. The consequence was that > traffic was sent unprotected i.e. unencrypted! > > If I set auto=route, I expect strongSwan to setup the IPsec policy and > refrain from deleting it *in any event*. that would be rather ... evil, silent failiour! _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users