Hi Noel, I’ve made those changes and it seems to have resolved my issue. Thanks for your help.
Regards, Chris — Chris Smith <space.da...@icloud.com> > On 17 Oct 2020, at 14:35, Noel Kuntze <noel.kuntze@thermi.consulting> wrote: > > Hi, > > Configure your own side with lower reauth and rekey times than the other peer. > Currently the other peer tries to reauth which fails because you're using the > insecure aggressive mode. strongSwan by default rejects other peers' > authentication requests if they're using aggressive mode. > A reauthentication is basically creating a new IKE_SA from scratch, so that > behavior applies. > > Just configure your client with lower rekey and reauth times. That's simpler > than globally enabling aggressive mode. > > Kind regards > > Noel
