On 08/05/17 10:23, Noel Kuntze wrote:
> Hello Daniel,
>
> That's not a bug, that's intentional behaviour.
> Charon stops trying to initiate or negotiate when a permanent error
> is encountered that it can not handle by itself.

Why do you feel it is a permanent error? In a networked environment, a DNS timeout can sometimes happen. If the DNS returned some other error (e.g. NXDOMAIN) then I would consider that a permanent failure. But a timeout (DNS error SERVFAIL) is not permanent.

> Use auto=route, if you
> need to make sure CHILD_SAs are reinitiated when they're down,
> but needed. There's no option to force retrying in any case.

So if I change "auto=start" to "auto=route", then using "right=vpn.example.org" will work again? Note that sometimes I want to make connections from the head office to the branch office, so I don't want it to wait for a process at the branch office to send traffic before bringing up the connection.

> Closeaction only applies to CHILD_SAs getting closed and dpdaction only to
> dpd timeouts.
> So obviously neither applies.

Is it safe to leave these entries in place or do you suggest removing or changing either of them?

Regards,

Daniel
