Hi,

No, auto=start was the default.

I would prefer to have auto=route as the default.

When you say you did that for years you are referring to your own setup, right?

-Michael

> On 25 Feb 2019, at 23:16, Tom Rymes <trymes(a)rymes.com> wrote:
> 
> Would it not be possible to revert to the old CGI, prior to On-Demand and change the auto=start line to auto=route? We did that for years.
> 
> Tom
> 
>> On Feb 18, 2019, at 6:43 AM, Michael Tremer <michael.tremer(a)ipfire.org> wrote:
>> 
>> Hi,
>> 
>> I tried to change this in the CGI, but it is not so easy.
>> 
>> But I would be in favour of On-Demand being the default.
>> 
>> Best,
>> -Michael
>> 
>>> On 18 Feb 2019, at 04:44, Tom Rymes <trymes(a)rymes.com> wrote:
>>> 
>>> A while back, I made a feature request to allow configuration of the Strongswan “auto” parameter via the WUI. This made its way into the WUI as the “On-Demand” feature a while back (thank you!!!) https://bugzilla.ipfire.org/show_bug.cgi?id=10733
>>> 
>>> At the time, I had posted a few links to messages on the StrongSwan mailing list that indicated that auto=route results in superior reliability, and our experience bears this out, but the default remains “auto=start”.
>>> 
>>> In order to support Windows roadwarrior connections, IPFire’s host cert needs a dns Subject Alt Name, so I had to delete all of our tunnels and certs, then recreate them. This meant that I had to change both sides of ~20 tunnels from the default “Always On” (auto=start) to “On Demand” (auto=route).
>>> 
>>> Coincidentally, this message from one of the developers came across the StrongSwan Users list tonight, which basically makes clear that auto=start should not be used: https://lists.strongswan.org/pipermail/users/2019-February/013373.html
>>> 
>>> The relevant quotation: “Use auto=route. Auto=start is not reliable.”
>>> 
>>> This raises the question as to why auto=start is still the default in IPFire.
>>> 
>>> Thoughts?
>>> 
>>> Tom
>> 
>