Colleagues, how to configure strongSwan to continuously try to reconnect in case of network failure?
My current settings are: charon { close_ike_on_child_failure = yes retry_initiate_interval = 30 retransmit_base = 1.2 retransmit_limit = 30 retransmit_timeout = 2 retransmit_tries = 3 } and, in case of network failure, strongSwan behaves in the following way - it tries to reestablish connection 3 times and then finally gives up: 16:34:28 2020 daemon.info : 07[IKE] sending DPD request 16:34:28 2020 daemon.info : 07[ENC] generating INFORMATIONAL request 2 [ N(NATD_S_IP) N(NATD_D_IP) ] 16:34:28 2020 daemon.info : 07[NET] sending packet: from 192.168.2.212[4500] to xx.xx.xx.xx[4500] (113 bytes) 16:34:30 2020 daemon.info : 08[IKE] retransmit 1 of request with message ID 2 16:34:30 2020 daemon.info : 08[NET] sending packet: from 192.168.2.212[4500] to xx.xx.xx.xx[4500] (113 bytes) 16:34:32 2020 daemon.info : 09[IKE] retransmit 2 of request with message ID 2 16:34:32 2020 daemon.info : 09[NET] sending packet: from 192.168.2.212[4500] to xx.xx.xx.xx[4500] (113 bytes) 16:34:35 2020 daemon.info : 10[IKE] retransmit 3 of request with message ID 2 16:34:35 2020 daemon.info : 10[NET] sending packet: from 192.168.2.212[4500] to xx.xx.xx.xx[4500] (113 bytes) 16:34:39 2020 daemon.info : 11[IKE] giving up after 3 retransmits 16:34:39 2020 daemon.info : 11[IKE] restarting CHILD_SA rc 16:34:39 2020 daemon.info : 11[IKE] initiating IKE_SA rc[2] to xx.xx.xx.xx 16:34:39 2020 daemon.info : 11[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] 16:34:39 2020 daemon.info : 11[NET] sending packet: from 192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes) 16:34:39 2020 daemon.info : 11[CHD] updown: Processing '' 16:34:41 2020 daemon.info : 13[IKE] retransmit 1 of request with message ID 0 16:34:41 2020 daemon.info : 13[NET] sending packet: from 192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes) 16:34:43 2020 daemon.info : 14[IKE] retransmit 2 of request with message ID 0 16:34:43 2020 daemon.info : 14[NET] sending packet: from 192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes) 16:34:46 2020 daemon.info : 15[IKE] retransmit 3 of request with message ID 0 16:34:46 2020 daemon.info : 15[NET] sending packet: from 192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes) 16:34:49 2020 daemon.info : 16[IKE] giving up after 3 retransmits 16:34:49 2020 daemon.info : 16[IKE] peer not responding, trying again (2/3) 16:34:49 2020 daemon.info : 16[IKE] initiating IKE_SA rc[2] to xx.xx.xx.xx 16:34:49 2020 daemon.info : 16[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] 16:34:49 2020 daemon.info : 16[NET] sending packet: from 192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes) 16:34:51 2020 daemon.info : 05[IKE] retransmit 1 of request with message ID 0 16:34:51 2020 daemon.info : 05[NET] sending packet: from 192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes) 16:34:54 2020 daemon.info : 08[IKE] retransmit 2 of request with message ID 0 16:34:54 2020 daemon.info : 08[NET] sending packet: from 192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes) 16:34:57 2020 daemon.info : 09[IKE] retransmit 3 of request with message ID 0 16:34:57 2020 daemon.info : 09[NET] sending packet: from 192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes) 16:35:00 2020 daemon.info : 06[IKE] giving up after 3 retransmits 16:35:00 2020 daemon.info : 06[IKE] peer not responding, trying again (3/3) 16:35:00 2020 daemon.info : 06[IKE] initiating IKE_SA rc[2] to xx.xx.xx.xx 16:35:00 2020 daemon.info : 06[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] 16:35:00 2020 daemon.info : 06[NET] sending packet: from 192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes) 16:35:02 2020 daemon.info : 10[IKE] retransmit 1 of request with message ID 0 16:35:02 2020 daemon.info : 10[NET] sending packet: from 192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes) 16:35:05 2020 daemon.info : 11[IKE] retransmit 2 of request with message ID 0 16:35:05 2020 daemon.info : 11[NET] sending packet: from 192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes) 16:35:07 2020 daemon.info : 13[IKE] retransmit 3 of request with message ID 0 16:35:07 2020 daemon.info : 13[NET] sending packet: from 192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes) 16:35:11 2020 daemon.info : 12[IKE] giving up after 3 retransmits 16:35:11 2020 daemon.info : 12[IKE] establishing IKE_SA failed, peer not responding Is there way to make it try continuously in order to establish connection as soon as network will be available again? In case it's essential, my environment is: - OS: OpenWRT 19.07.3 - strongSwan: 5.8.2 (5.8.2_2) Thank you. -- Volodymyr Litovka "Vision without Execution is Hallucination." -- Thomas Edison