I've got a simple setup, with one central box and a small set of satellite boxen. The satellites only need to use esp for sockets with the central box, and the central only for sockets with those satellites.

The bandwidth used between central and each satellite is small, a weekly burst plus the occasional additional burst.

I based it on the point-to-point transit examples on the web site. I created a CA for the auth.

Most of the boxen run Debian sid, one or two run recent Ubuntu.

Initially, everything looked good. But I recently noticed that the associations time out, allowing traffic to flow w/o esp.

Right now, on the central, ipsec statusall shows everything in Connections:, but only two in Security Associations. Ipsec -L shows those two in the esp-related ruleset (one twice), plus another box which is not in ipsec statusall output at all.

What do I need to do to keep the associations up full time and ensure that all sockets between central and each satellite use esp?

I'd also like to make the iptables rules permanent. Can that be done w/o breaking anything?

Thanks. It has been /many/ years since I last did anything with ipsec.

-JimC
--
James Cloos <[email protected]> OpenPGP: 0x997A9F17ED7DAEA6
