On Thu, Jul 31, 2014 at 09:42:07AM +0200, Martin Willi wrote: > For always-up tunnels, I usually recommend to use auto=route. This makes > sure no matching traffic leaves unencrypted, and the kernel will trigger > a new SA should an existing one fail for whatever reason.
With the caveat that the packet which springs the trap is lost, at least in current versions of Linux. _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
