> does strongSwan keep trying to start the connection? Or is some manual
> intervention required? We have auto=start, dpdaction=restart,
> keyingtries=%forever, rekey=yes, if that matters...

No, this is considered as a permanent error, and no retries are done.

> I assume before your patch, the up/down script would be called with
> PLUTO_MY_SOURCEIP set to 0.0.0.0

Yes.

> and I wonder what else would happen? Would there be an IPSEC SA
> created?

If your responder returns all the required payloads (SA, TSi, TSr), and the traffic selectors match to 0.0.0.0, yes.

> Sorry, I don't follow what you mean by "the physical IP (or something
> that contains it)". I don't understand what IP could be used or
> assumed, if the SeGW can not fulfill the client's request for an IP
> address assignment.

The client uses the tunnel outer address, the address the client uses to communicate in IKE. As in a Host2Host or Host2Net tunnel.

Regards
Martin
