Hi Andreas,

> Issuing an "ipsec restart" on the left end of the tunnel seems to kill
> the connection and it won't come back until I issue an "ipsec restart"
> on the right end as well.

You should check the log on the right to see what the problem is when left tries to re-establish the connection.

> This is obviously not practical. It seems the right server is not aware
> that the connection has been interrupted. How do I make it aware?

You could configure DPD with dpdaction=restart so that right re-establishes the SA once it detects the old SA is gone.

> It may also be noteworthy that restarting the *right* server does not
> result in the same problem. In this case the connection is interrupted
> only for the time it takes "ipsec restart" on the right to complete. Is
> this behaviour because of the different StrongSwan versions used?

Could be, yes. The log of the respective remote end should show if there is a difference in their behavior.

Regards,
Tobias

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
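
The DPD setting suggested in the reply above, shown as an added example that is not part of the original message: an ipsec.conf fragment for the right peer, assuming the ipsec.conf/starter interface implied by "ipsec restart". The conn name is hypothetical, and the timer values are assumptions set to strongSwan's documented defaults.

```conf
# /etc/ipsec.conf on the RIGHT peer (added example, not from the thread).
# "to-left" is a hypothetical connection name; keep the existing
# left=/right=/authentication settings of the real conn as they are.

conn to-left
    # Default is dpdaction=none: a peer that silently loses its state
    # (e.g. after "ipsec restart" on the left) is never detected, and the
    # stale IKE/IPsec SAs stay installed on this side.
    #
    # restart: once the peer is declared dead, delete the stale SAs and
    # immediately try to renegotiate the connection from this side.
    dpdaction=restart

    # Interval between liveness checks while no traffic is received:
    # R_U_THERE messages (IKEv1) or empty INFORMATIONAL exchanges (IKEv2).
    dpddelay=30s

    # IKEv1 only: time without a reply after which the peer is declared
    # dead. IKEv2 ignores this and uses the IKE retransmission timeout.
    dpdtimeout=150s
```

After editing, "ipsec update" or "ipsec restart" on the right loads the changed conn; the right-side log then shows the DPD timeout followed by the restart attempt.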