Issue #3650
HA behaves very strange
Description
Hi,
I've followed the following article: https://wiki.strongswan.org/projects/strongswan/wiki/highavailability to configure HA on two of my nodes.
Recently I've noticed that HA is acting in a very strange way, and I am not sure if this is expected behaviour.
1. The case scenario, 100 Tunnels are load balanced between two servers:
VPNSRV01:
50 ESTABLISHED
50 PASSIVE
VPNsrv02:
50 ESTABLISHED
50 PASSIVE
I was expecting when I restart strongSwan on VPNSRV01, it will cause 50 ESTABLISHED tunnels to move to the VPNSRV02, where in total it will be 100.
After the service restart, in fact the tunnels are moving to the second node for a split second. However after 2-3 seconds all 100 of them are moving back to the VPNSRV01.
2. Another case scenario:
VPNSRV01:
0 ESTABLISHED
100 PASSIVE
VPNsrv02:
100 ESTABLISHED
0 PASSIVE
When I restart strongSwan service on VPNSRV01, after 2-3 seconds all ESTABLISHED tunnels are going to move to the VPNSRV01 from VPNSRV02.
I was assuming that a strongSwan service restart on VPNSRV01 should not cause ESTABLISHED tunnels to move from VPNSRV02.
My config:
heartbeat_timeout = 2100
load = yes
local = XXX.XXX.XXX.XXX
remote = XXX.XXX.XXX.XXX
segment_count = 2
# secret = s!ronG-P5K-s3cret
fifo_interface = yes
autobalance = 10
monitor = yes
resync = yes
I will appreciate any help or suggestions.
Thank you in advance.
History
#1 Updated by Tobias Brunner over 1 year ago
- Category set to high availability (ha plugin)
- Status changed from New to Feedback
> I was expecting when I restart strongSwan on VPNSRV01, it will cause 50 ESTABLISHED tunnels to move to the VPNSRV02, where in total it will be 100.
> After the service restart, in fact the tunnels are moving to the second node for a split second. However after 2-3 seconds all 100 of them are moving back to the VPNSRV01.
Read the log.
> When I restart strongSwan service on VPNSRV01, after 2-3 seconds all ESTABLISHED tunnels are going to move to the VPNSRV01 from VPNSRV02.
> I was assuming that a strongSwan service restart on VPNSRV01 should not cause ESTABLISHED tunnels to move from VPNSRV02.
Read the log.