Hi, I have setup Strongswan with two WAN connections between the peers. Only one is "up" at a time. There is a control script that watchs the WAN connectivity and up/down the connections. For some reason, sometimes, the passive connection goes UP. I'm not sure why, someone in the IRC told me that the problem is the rekey that could start the connection because I have two of them with the same traffic selectors. I'm sure that the problem is not in my control script because the problem appears when I'm not running it too.
The right solution would be to enable/disable the connection, but Strongswan doesn't supports this and doing it with includes, symlinks and "ipsec reload" gave me some headaches. I was thinking about changing the leftsubnet (central site) from 10.0.0.0/8 to 10.128.0.0/9 in the backup connection. That will match my subnets and will make the traffic selector different to avoid problems. But, I'm not sure, because the second one is included in the first one and may be the problem is the same. Will that work? Regards, Diego -- Diego Woitasen _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
