Hi, I am experiencing the following issue when setting up an IPsec site-to-site VPN connection. Initially everything works fine, but after some period of inactivity (I still need to figure out when it happens), when I check the status of the VPN connection/tunnel on both sides, everything looks OK: Cisco RV042 status "Connected", strongSwan SA (connection) - Up. But I can't ping from the Cisco side to strongSwan; pinging is restored only after the Cisco side is pinged from the strongSwan side.

strongSwan related logs:

    sending keep alive to <Cisco External IP>[500]
    sending DPD request
    generating INFORMATIONAL_V1 request 3168494568 [ HASH N(DPD) ]
    sending packet: from <strongSwan-Internal IP> [4500] to <Cisco External IP> (76 bytes)
    received packet: from <Cisco External IP> 9[4500] to <strongSwan-Internal IP> (76 bytes)

There are no errors and it looks good, but in reality it is far from OK. Is this a Cisco side problem, strongSwan, or both?

My ipsec.conf:

    config setup
        charondebug="ike 2, knl 3, cfg 0"

    conn %default
        keyingtries=%forever
        left=%defaultroute
        leftid=34.x.x.x
        leftsubnet=10.x.x.0/24

    conn MyConn
        keyexchange=ikev1
        authby=secret
        type=tunnel
        leftauth=psk
        rightauth=psk
        right=<FQDN-DynDNS>
        rightsubnet=192.x.x.0/24
        rightid=@<FQDN-DynDNS>
        reauth=no
        ike=aes256-sha1-modp1024
        esp=aes256-sha1-modp1024
        ikelifetime=8h
        lifetime=1h
        modeconfig = push
        dpddelay=30
        dpdtimeout=180
        dpdaction=clear
        auto=route

Cisco RV042 (GUI configuration):

    Local Group: IP+Domain Name Authentication
    Remote Group: IP only
    Perfect Forward Secrecy - enabled
    Keep Alive DPD interval: 30 sec

I have set up a site-to-site VPN tunnel between EdgeRouter and this strongSwan, and everything works as expected, but they are both strongSwan. Cisco-EdgeRouter is experiencing the same issues as described above. But Cisco-Cisco and Cisco-other (non-strongSwan) are quite stable.

I need to make a final decision on whether to use strongSwan as a VPN gateway on AWS VPC or switch to AWS VPN gateway. Need your help to figure out whether Cisco RV042 (or Linksys LRT 224) with strongSwan or not.

Thanks in advance.
