Hi Kimmo, > The question is, how to improve Server 1 ipsec.conf to be able to keep > SA's up always without manual interaction? I don't have access to > server 2.
For always-up tunnels, I usually prefer to install trap policies that automatically re-establish the tunnel if it should fail for whatever reason: closeaction=close dpdaction=close auto=route You'll have to send some traffic to trigger the tunnel initially. But the trap policy will stay installed and make sure your tunnel does, too. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
