On 08/05/17 10:42, Daniel Pocock wrote:
> On 08/05/17 10:23, Noel Kuntze wrote:
>> Hello Daniel,
>>
>> That's not a bug, that's intentional behaviour.
>> Charon stops trying to initiate or negotiate when a permanent error
>> is encountered that it can not handle by itself.
> Why do you feel it is a permanent error? In a networked environment, a
> DNS timeout can sometimes happen.
>
> If the DNS returned some other error (e.g. NXDOMAIN) then I would
> consider that a permanent failure. But a timeout (DNS error SERVFAIL)
> is not permanent.
>
>> Use auto=route, if you
>> need to make sure CHILD_SAs are reinitiated when they're down,
>> but needed. There's no option to force retrying in any case.
> So if I change "auto=start" to "auto=route", then using
> "right=vpn.example.org" will work again?
>
> Note that sometimes I want to make connections from the head office to
> the branch office, so I don't want it to wait for a process at the
> branch office to send traffic before bringing up the connection.
>
>> Closeaction only applies to CHILD_SAs getting closed and dpdaction only to
>> dpd timeouts.
>> So obviously neither applies.
> Is it safe to leave these entries in place or do you suggest removing or
> changing either of them?

I also put my comments about this in the bug tracker now
https://wiki.strongswan.org/issues/2319
