And what do you mean by "the daemon is configured programmatically"?
How many keyintries does the Android client default to? Does it support and react on DPD? If not, how does the client know when there is a issue with the connection, and retries or completely stops? (other then when receiving an implicit IKE DELETE)

Den 2017-07-30 kl. 18:50, skrev Noel Kuntze:
Hi Dusan,

On 30.07.2017 18:42, Dusan Ilic wrote:
What is the default ipsec.conf settings for the Android client? For example 
keyinretries, dpd etc?
There's none. The daemon is configured programmatically.
Because I notice a problem, when the client is connected and the server is 
restart (ipsec restart) it disconnects and reconnects (probably because the 
server is sending IKE deletes), but when the server just goes away (let's say 
DHCP or disconnected network) the clienbt continues to report that its 
connected forever.
Sounds like a bug in the UI.

The server is having DPD clear on the remote access connection, and removes the 
client, but the client seem to have not DPD enabled? It just sits there and if 
for example you route everything from the client internet stops working on the 
phone, wihtout even noticing because Strongswan report it still as connected.

Is there anyway to solve this, if not, this should really be fixed in the 
default settings for the client (either DPD restart or clear).

Reply via email to