> As far as I understand, there is no way to keep a tunnel up and running > forever?
A tunnel can fail for many reasons, and auto=start only takes care for initiating the tunnel during startup. For always-up tunnels, I usually recommend to use auto=route. This makes sure no matching traffic leaves unencrypted, and the kernel will trigger a new SA should an existing one fail for whatever reason. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
