Hi,

I've got some of the following in a branch-office configuration on OpenWRT:

strongSwan version 5.3.3


conn mainoffice
    left=%defaultroute
    leftsubnet=192.168.1.0/24,my-ipv6-prefix::/64
    leftcert=wrt1Cert.der
    [email protected]
    leftfirewall=yes
    right=vpn.example.org
    [email protected]
    rightsubnet=my-class-C/24,another-ipv6-prefix::/52
    auto=start
    dpdaction=restart
    closeaction=restart
    keyingtries=%forever


With this configuration (dpdaction, closeaction, keyingtries) I would
expect the branch office to make every effort to reconnect and keep
trying forever.

I've observed that if the ISP link goes down (e.g. removing the fibre),
if the ISP link is not ready when strongSwan starts up (e.g. after a
router reboot) or if the VPN server is restarted then the branch office
fails to reconnect.

Looking at the logs (logread on OpenWRT) I notice an error about DNS
failure for "vpn.example.org" and then it would give up.

I changed the line "right=vpn.example.org" to "right=A.B.C.D" and the
problem went away.  Now it really keeps retrying.

I'd like to open a bug report for this but I couldn't log in to the bug
tracker.

Regards,

Daniel


