Hi all,
I'm having issues with some responders when my initiator tries to establish
a new sa after a dpd timeout.
Responder rejects connection with an internal_address_failure due to
initiator is sending the last assigned inner ip as internal_ip4_address
attribute in ike_auth configuration payload.
Initiator has this relevant configuration:
ipsec.conf
dpdaction=restart
closeaction=restart
keyingtries=%forever
leftsourceip=%config
auto=start
keyexchange=ikev2
reauth=no
strongswan.conf
close_ike_on_child_failure = yes
When I restart ipsec, connection can be established succesfully as
initiator sends this attribute empty.
Should initiatior act in this way when it tries to create a new sa after
dpd timeout? If yes, can this behaviour be modified?
Many thanks.
Best regards,
Nacho.
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
