From: Tom Rymes
To: development@lists.ipfire.org
Subject: Re: Strongswan and auto=start
Date: Mon, 25 Feb 2019 18:16:39 -0500
Message-ID: <32FF8B0B-1D8C-4964-85B4-77DC6598F63D@rymes.com>
In-Reply-To: <1E6A1CEB-8E34-4517-9065-C65CDFFC0D7A@ipfire.org>

Would it not be possible to revert to the old CGI, prior to On-Demand and change the auto=start line to auto=route? We did that for years.

Tom

> On Feb 18, 2019, at 6:43 AM, Michael Tremer wrote:
>
> Hi,
>
> I tried to change this in the CGI, but it is not so easy.
>
> But I would be in favour of On-Demand being the default.
>
> Best,
> -Michael
>
>> On 18 Feb 2019, at 04:44, Tom Rymes wrote:
>>
>> A while back, I made a feature request to allow configuration of the Strongswan “auto” parameter via the WUI. This made its way into the WUI as the “On-Demand” feature a while back (thank you!!!) https://bugzilla.ipfire.org/show_bug.cgi?id=10733
>>
>> At the time, I had posted a few links to messages on the StrongSwan mailing list that indicated that auto=route results in superior reliability, and our experience bears this out, but the default remains “auto=start”.
>>
>> In order to support Windows roadwarrior connections, IPFire’s host cert needs a dns Subject Alt Name, so I had to delete all of our tunnels and certs, then recreate them. This meant that I had to change both sides of ~20 tunnels from the default “Always On” (auto=start) to “On Demand” (auto=route).
>>
>> Coincidentally, this message from one of the developers came across the StrongSwan Users list tonight, which basically makes clear that auto=start should not be used: https://lists.strongswan.org/pipermail/users/2019-February/013373.html
>>
>> The relevant quotation: “Use auto=route. Auto=start is not reliable.”
>>
>> This raises the question as to why auto=start is still the default in IPFire.
>>
>> Thoughts?
>>
>> Tom