IPsec DPD action incorrect on development snapshots
The DPD action isn't correct in several cases on snapshots (swanctl format). For example:
- "none" is not valid, should be "clear"
- "restart" is currently the default; it should be "trap" for policy-based tunnels and "restart" for VTI
- It should mirror the equivalent values for Child SA close action when that is set
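The rules listed above can be checked against a generated swanctl.conf. The following lint is an added example, not code from the project or from the reporter. It assumes the caller knows which child sections are VTI, and it reads "equivalent values" as close_action none/trap/start mapping to dpd_action clear/trap/restart; the sample config and its section names are constructed.

```python
VALID_DPD = {"clear", "trap", "restart"}  # dpd_action values swanctl accepts
# Assumed close_action -> dpd_action equivalents (the "mirror" rule above).
MIRROR = {"none": "clear", "trap": "trap", "start": "restart"}

# Constructed sample config; the section names are made up for illustration.
SAMPLE = """
connections {
  con1 {
    children {
      con1_policy {
        dpd_action = none
      }
      con1_vti {
        dpd_action = trap
      }
      con1_closed {
        close_action = start
        dpd_action = restart
      }
    }
  }
}
"""

def parse_children(text):
    """Return {child_name: {key: value}} for sections nested under 'children'."""
    stack, children = [], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}":
            stack.pop()
        elif "=" in line and len(stack) >= 2 and stack[-2] == "children":
            key, value = (p.strip() for p in line.split("=", 1))
            children.setdefault(stack[-1], {})[key] = value
    return children

def lint(text, vti_children=()):
    """Return (child, found, expected, reason) for each incorrect dpd_action."""
    findings = []
    for name, opts in parse_children(text).items():
        default = "restart" if name in vti_children else "trap"
        want = MIRROR.get(opts.get("close_action"), default)
        found = opts.get("dpd_action", "unset")
        if found != want:
            reason = "invalid value" if found not in VALID_DPD else "wrong for this child"
            findings.append((name, found, want, reason))
    return findings
```

Calling `lint(SAMPLE, {"con1_vti"})` flags the policy-based child for the invalid "none" and the VTI child for using "trap" instead of "restart", while the child with an explicit close action passes.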
#2 Updated by Florin Samareanu 5 months ago
After going with the latest dev I don’t see any duplicate p1s or p2s during the last 24h. My tunnels are mostly using default values (I did change reauth to rekey for phase 1) with vti p2s. Thank you for nailing this.
As a side note, it would be great if p2s would expose the same settings as p1s with regard to reauth/rekey/over time, but the current setup works well for me too.
Before I would end up with tens of duplicate p2s after a few hours.