[Swan] reauth option

John Crisp jcrisp at safeandsoundit.co.uk
Thu Aug 29 12:47:32 UTC 2019


My connections from Endian -> Libre drop every week (I think when the
logs rotate and some services restart)

I has been suggested by Endian (using Strongswan) that apparently I
should set 'reauth' in my Libreswan setup.

However, I cannot see that as an option in the man page?

Oddly enough I noticed while messing about that if I add it to the
ipsec.conf file it passes muster with ipsec verify !!

grep reauth /etc/ipsec.d/ipsec.conf

ipsec verify
Verifying installed system and configuration files

Version check and ipsec on-path                   	[OK]
Libreswan 3.29 (netkey) on 2.6.32-754.18.2.el6.x86_64
Checking for IPsec support in kernel              	[OK]
 NETKEY: Testing XFRM related proc values
         ICMP default/send_redirects              	[OK]
         ICMP default/accept_redirects            	[OK]
         XFRM larval drop                         	[OK]
Pluto ipsec.conf syntax                           	[OK]

Any suggestions?

B. Rgds
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20190829/76c1e667/attachment.sig>

More information about the Swan mailing list