I have requirements for a VPN which is always up. The initiator must always be reachable from the responder. The initiator may not have a static IP address.
I've seen recommendations for implementing this requirement on the initiator using a kernel trap, e.g. "start_action = trap", which also requires a separate process to keep the VPN up, with pings from the local_ts to the remote_ts for example. I am curious if the same goal may be met by the following IKEv2 swanctl.conf:

initiator:
    dpd_delay=60s
    dpd_action = restart
    start_action = start
    close_action = start
    keyingtries=0

responder:
    dpd_action=clear
    dpd_delay=60s

Initial testing shows this works without a separate initiator "ping" process, which is attractive, but I'm sure there are many corner cases I have not considered. Will the above config create and maintain a stable VPN?

Thanks,
Jeff
