Dear Colleagues,

There was a power outage, the Mikrotik router at home was powered off for several hours. Then it was powered on again but there was no IPSec SA from work (Strongswan) to home (Mikrotik).
I had to run "ipsec up home" at work to make things work again. Why did the SA not start automatically when the Mikrotik became available again?

This is the relevant Strongswan config (yes the Strongswan at work is behind NAT).

conn home
        auto=start
        authby=secret
        dpddelay=10s
        dpdaction=restart
        esp=aes256-sha1-modp2048
        ike=aes256-sha1-modp2048
        ikelifetime=1h
        lifetime=10m
        keyexchange=ikev2
        type=transport
        left=10.10.10.5
        right=y.y.y.y
        leftprotoport=47
        rightprotoport=47

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/