Project

General

Profile

Issue #3455

Disconnect related issues

Added by huijun li 5 months ago. Updated 27 days ago.

Status:
Closed
Priority:
Normal
Category:
configuration
Affected version:
5.8.1
Resolution:
No feedback

Description

1. Disconnect the network cable between VPNs. It cannot immediately detect that the VPN connection has been disconnected, but waits for about 15 minutes before showing the connection is disconnected. Is this time configurable?

2. If the network cable is plugged in properly, the VPN connection cannot be established. Can it be established through configuration?

History

#1 Updated by huijun li 5 months ago

Sorry, the software version is strongswan-5.8.1

#2 Updated by Tobias Brunner 5 months ago

  • Status changed from New to Feedback
  • Affected version changed from 5.8.4 to 5.8.1

It cannot immediately detect that the VPN connection has been disconnected, but waits for about 15 minutes before showing the connection is disconnected. Is this time configurable?

Detect what exactly? And where? And how?

2. If the network cable is plugged in properly, the VPN connection cannot be established. Can it be established through configuration?

What do you mean? Maybe you want to read some of the documentation (e.g. IntroductionTostrongSwan).

#3 Updated by huijun li 5 months ago

1. About the first question,We built a simple vpn scene: subnet1<-->VPN<-->subnet2.If you unplug the middle network cable,View through the 'ipsec status' command, VPN is still connected.15 minutes later, you can see the VPN connection is disconnected。

2.On the basis of question 1, re-insert the network cable, VPN cannot be established automatically。

Is the ‘15 minutes ’time configurable?

#4 Updated by Tobias Brunner 5 months ago

View through the 'ipsec status' command, VPN is still connected.

Sure, why should you see anything else there. You might want to read about DPD and MOBIKE.

2.On the basis of question 1, re-insert the network cable, VPN cannot be established automatically。

Why should it? Read about initiating and again DPD and MOBIKE.

Is the ‘15 minutes ’time configurable?

Read about DPD and retransmission timeouts (and possibly MOBIKE to avoid having to reestablish anything in the first place).

#5 Updated by Tobias Brunner 27 days ago

  • Category set to configuration
  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to No feedback

Also available in: Atom PDF