Felipe Polanco wrote: > I always use auto=route or start_action=trap and just keep a ping > running in the background for critical UDP traffic. > > I know it's a poor's man solution but guarantees the connection is always > up.
Does this not cause excessive SAs piling up? I've seen a similar problem with Strongswan on my side and a MikroTik on the remote side: too many excessive SAs in "ipsec status" output and in MikroTik's management console. My theory was that each trapped packet causes a new SA to be attempted/generated until some limit is hit or some resource is exhausted. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/
