From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: Strongswan and auto=start
Date: Mon, 18 Feb 2019 11:43:38 +0000
Message-ID: <1E6A1CEB-8E34-4517-9065-C65CDFFC0D7A@ipfire.org>

Hi,

I tried to change this in the CGI, but it is not so easy.

But I would be in favour of On-Demand being the default.

Best,
-Michael

> On 18 Feb 2019, at 04:44, Tom Rymes wrote:
>
> A while back, I made a feature request to allow configuration of the Strongswan “auto” parameter via the WUI. This made its way into the WUI as the “On-Demand” feature a while back (thank you!!!) https://bugzilla.ipfire.org/show_bug.cgi?id=10733
>
> At the time, I had posted a few links to messages on the StrongSwan mailing list that indicated that auto=route results in superior reliability, and our experience bears this out, but the default remains “auto=start”.
>
> In order to support Windows roadwarrior connections, IPFire’s host cert needs a DNS Subject Alt Name, so I had to delete all of our tunnels and certs, then recreate them. This meant that I had to change both sides of ~20 tunnels from the default “Always On” (auto=start) to “On Demand” (auto=route).
>
> Coincidentally, this message from one of the developers came across the StrongSwan Users list tonight, which basically makes clear that auto=start should not be used: https://lists.strongswan.org/pipermail/users/2019-February/013373.html
>
> The relevant quotation: “Use auto=route. Auto=start is not reliable.”
>
> This raises the question as to why auto=start is still the default in IPFire.
>
> Thoughts?
>
> Tom