Hello All:
When I issue the command "uci show strongswan" is get the following:
<snip>
strongswan.SOICCMP.leftfirewall='yes'
strongswan.SOICCMP.forceencaps='no'
strongswan.SOICCMP.dpdaction='restart'
strongswan.SOICCMP.closeaction='restart'
strongswan.SOICCMP.right='164.100.196.79'
strongswan.SOICCMP.allow_webui='1'
<snip>
But then when I look at the ipsec.conf:
conn SOICC
leftid=keyid:CORS219
leftauth=psk
rightauth=psk
leftsubnet=2.2.2.219/32
right=A.B.C.D
rightid=keyid:CCrouter
keyexchange=ikev2
authby=secret
leftfirewall=yes
rightfirewall=no
auto=start
type=tunnel
aggressive=no
dpdaction=restart
dpddelay=30
dpdtimeout=30
forceencaps=no
keyingtries=%forever
ike=aes256-sha256-modp2048
ikelifetime=5h
esp=aes256-sha256-modp2048
keylife=4h
rightsubnet=1.1.1.10/32
You can see the absence of the "closeaction=restart" option.
Where has it gone? Why is it not there?
Here is my /etc/config/strongswan file:
config conn 'SOICC'
option enabled '1'
option keyexchange 'ikev2'
option ipsec_type 'tunnel'
option leftfirewall 'yes'
option forceencaps 'no'
option dpdaction 'restart'
option closeaction 'restart'
option right 'A.B.C.D'
option allow_webui '1'
option ike_encryption_algorithm 'aes256'
option ike_authentication_algorithm 'sha256'
option ike_dh_group 'modp2048'
option esp_encryption_algorithm 'aes256'
option esp_hash_algorithm 'sha256'
option esp_pfs_group 'modp2048'
option keylife '4h'
option my_identifier 'keyid:CORS219'
option rightid 'keyid:CCrouter'
option rightfirewall 'no'
option dpddelay '30'
option dpdtimeout '30'
option ikelifetime '5h'
option auto 'start'
option auth 'psk'
list leftsubnet '2.2.2.219/32'
list rightsubnet '1.1.1.10/32'
option aggressive 'no'
So I have enabled the option, why is it not showing up in the /etc/ipsec.conf file after reboot?
Cheers,
John