Hi Diego,

> deleting IKE_SA CONN_NAME[10] between
> x.x.x.x[vpn1.example.com]...x.x.x.x[vpn2.example.com]
>
> I wrote a script that controls the status of the tunnel using "ipsec
> status". For some reason, some conns are dropped randomly. I have DPD
> enabled but I don't see the message "giving up..." and I don't see the
> message "received stroke..." about the connection lost and I don't see
> the rekeying messages.
>
> Is there an additional way to discover why Charon is deleting IKE SAs?

You are probably using reauth=yes (which is the default). So instead of
rekeying the IKE_SA the daemon will first delete the current instance
(hence the "deleting IKE_SA..." message) and then set up a new IKE_SA from
scratch. Try reauth=no to get regular IKE_SA rekeyings.

Regards,
Tobias
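
The following is an added example, not part of the original thread and not strongSwan code: it labels each "deleting IKE_SA" log line by whether a "giving up" or "received stroke" line precedes it, so the deletions the reply attributes to reauth=yes stand out as untriggered. The log layout, the sample lines, the 5-line window and the function name classify_deletes are assumptions.

```python
import re

# Only these substrings are quoted in the thread; the rest of the log
# line layout (timestamps, thread ids, subsystem tags) is assumed.
DELETE_RE = re.compile(r"deleting IKE_SA (?P<conn>\S+)\[(?P<id>\d+)\]")
TRIGGERS = {"giving up": "dpd-timeout", "received stroke": "stroke-command"}


def classify_deletes(lines, window=5):
    """Label each 'deleting IKE_SA' line with the nearest trigger logged
    within `window` lines before it. 'untriggered' means no DPD timeout
    and no stroke command was logged nearby, which is the pattern the
    reply explains with reauth=yes (delete, then a fresh IKE_SA)."""
    results = []
    for i, line in enumerate(lines):
        m = DELETE_RE.search(line)
        if not m:
            continue
        cause = "untriggered"
        # Walk backwards so the closest trigger wins.
        for prev in reversed(lines[max(0, i - window):i]):
            if DELETE_RE.search(prev):
                break  # older triggers belong to the earlier delete
            hit = next((v for k, v in TRIGGERS.items() if k in prev), None)
            if hit:
                cause = hit
                break
        results.append((m.group("conn"), int(m.group("id")), cause))
    return results


# Constructed sample lines for illustration (not real charon output).
SAMPLE = [
    "10:00:00 charon: 05[CFG] received stroke: terminate 'site-b'",
    "10:00:00 charon: 05[IKE] deleting IKE_SA site-b[3] between "
    "192.0.2.1[vpn1.example.com]...198.51.100.1[vpn2.example.com]",
    "10:20:00 charon: 08[NET] unrelated line",
    "12:45:10 charon: 11[IKE] deleting IKE_SA site-a[10] between "
    "192.0.2.1[vpn1.example.com]...198.51.100.1[vpn2.example.com]",
]

if __name__ == "__main__":
    for conn, sa_id, cause in classify_deletes(SAMPLE):
        print(f"{conn}[{sa_id}]: {cause}")
```

The line window is a heuristic: on a busy gateway a trigger for a different connection can fall inside it, so treat "untriggered" as a pointer to check the reauth setting, not as proof.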
