Hi Victor, > That could be the case, thanks for the hint. Strongswan could have made 3 > attempts after detecing a dead peer and given up, is that what you > imply?
Yes. > What's the timeout between keyingtries? No timeout between them, regular retransmission timeouts apply for each attempt. > And why is > `keyingtries=%forever` not the default? Who knows, legacy reasons maybe (on the other hand, the default is 1 now with swanctl.conf). > Is there no need for `keyingtries=%forever` in the `auto=route` mode? Further traffic will trigger another acquire (it might even cause duplicate SAs if a retry occurs while traffic triggers another acquire from the kernel). Regards, Tobias
