Giuseppe De Marco <[email protected] wrote: Ciao Marco,
Probably I'm wrong but I think that the Dead Peer Detection feature could be helpfull for you # dead-peer detection to clear any "dangling" connections in case the client unexpectedly disconnects dpdaction=clear # If the tunnel has no traffic for this long (default 30 secs), Charon will send a dead peer detection packet. The value 0 means to not send such packets, relying on ordinary traffic, which will occur at least once an hour, which is the default rekeying lifetime. dpddelay=33s # DPD Retries : 3 dpdtimeout=300s Hi Giuseppe, thanks for the tips. Yes indeed dpd should do the trick. But I would like to ask if the strongswan behaviour, (not dropping the IKE/IPSec SA after timeout) is the expected one. Thanks
