Hello Daniel, That's not a bug, that's intentional behaviour. Charon stops trying to initiate or negotiate when a permanent error is encountered that it can not handle by itself. Use auto=route, if you need to make sure CHILD_SAs are reinitiated when they're down, but needed. There's no option to force retrying in any case.
Closeaction only applies to CHILD_SAs getting closed and dpdaction only to dpd timeouts. So obviously neither applies. Kind regards, Noel On 08.05.2017 10:07, Daniel Pocock wrote: > Hi, > > I've got some of the following in a branch-office configuration on OpenWRT: > > StrongSWAN version 5.3.3 > > > conn mainoffice > left=%defaultroute > leftsubnet=192.168.1.0/24,my-ipv6-prefix::/64 > leftcert=wrt1Cert.der > [email protected] > leftfirewall=yes > right=vpn.example.org > [email protected] > rightsubnet=my-class-C/24,another-ipv6-prefix::/52 > auto=start > dpdaction=restart > closeaction=restart > keyingtries=%forever > > > With this configuration (dpdaction, closeaction, keyingtries) I would > expect the branch office to make every effort to reconnect and keep > trying forever. > > I've observed that if the ISP link goes down (e.g. removing the fibre), > if the ISP link is not ready when StrongSWAN starts up (e.g. after a > router reboot) or if the VPN server is restart then the branch office > fails to reconnect. > > Looking at the logs (logread on OpenWRT) I notice an error about DNS > failure for "vpn.example.org" and then it would give up. > > I changed the line "right=vpn.example.org" to "right=A.B.C.D" and the > problem went away. Now it really keeps retrying. > > I'd like to open a bug report for this but I couldn't log in to the bug > tracker. > > Regards, > > Daniel > > > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
