Feature #12184
Closed
GUI options to configure IKE retransmission behavior
100%
Description
When using IKEv2, dpd_timeout is ignored and instead the global charon.retransmit_* is used to determine the timeout thresholds of the IKE connection. As is, the timeout can last for several minutes.
The retransmission options should be user-configurable. This would help, for example, in HA failover scenarios where a low retransmission timeout could result in a significantly quicker IPsec reconnection.
https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection
https://wiki.strongswan.org/projects/strongswan/wiki/Retransmission
https://wiki.strongswan.org/projects/strongswan/wiki/Swanctlconf
Related issues:
https://redmine.pfsense.org/issues/5355
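The timing behind the description above, as an added example that is not part of the ticket or the pfSense change: it applies the formula from strongSwan's retransmission documentation (wait = retransmit_timeout * retransmit_base^n) to the documented defaults and to a lower profile. The function names and the FAST_FAILOVER values are constructed for illustration.

```python
"""Worst-case time before charon gives up on an unanswered IKE message."""

# strongSwan's documented defaults for the charon.retransmit_* options.
DEFAULTS = {"tries": 5, "timeout": 4.0, "base": 1.8, "limit": 0}

# Constructed profile for a fast HA failover; illustrative values only,
# not taken from the ticket.
FAST_FAILOVER = {"tries": 3, "timeout": 2.0, "base": 1.5, "limit": 0}


def retransmit_schedule(tries, timeout, base, limit=0):
    """Return (waits, total): the wait after each send, and their sum.

    The wait after the n-th send (n = 0 is the original message) is
    timeout * base**n, capped at `limit` seconds when limit > 0.
    After `tries` retransmissions one more wait passes before the peer
    is declared dead, so there are tries + 1 waits in total.
    """
    if tries < 0 or timeout <= 0 or base <= 0:
        raise ValueError("need tries >= 0, timeout > 0, base > 0")
    waits = []
    for n in range(tries + 1):
        wait = timeout * base ** n
        if limit > 0:
            wait = min(wait, limit)
        waits.append(wait)
    return waits, sum(waits)


def describe(name, opts):
    """Format one profile's schedule as a single human-readable line."""
    waits, total = retransmit_schedule(**opts)
    steps = ", ".join(f"{w:.1f}s" for w in waits)
    return f"{name}: waits {steps} -> gives up after {total:.1f}s"


if __name__ == "__main__":
    print(describe("defaults", DEFAULTS))
    print(describe("fast failover", FAST_FAILOVER))
```

Lower values shorten failover, but they also make charon declare a peer dead sooner on a lossy or congested link, so test a chosen profile against the worst packet loss the tunnel is expected to tolerate.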
Updated by Marcos M over 3 years ago
The retransmit options could be put under "VPN / IPsec / Advanced Settings".
Updated by Viktor Gurov about 3 years ago
Updated by Jim Pingle about 3 years ago
- Status changed from New to Pull Request Review
- Assignee set to Viktor Gurov
- Target version set to 2.6.0
- Plus Target Version set to 22.01
Updated by Viktor Gurov almost 3 years ago
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
Applied in changeset 2b6a3712391c681b42d91155459801e28cf33c67.
Updated by Jim Pingle almost 3 years ago
- Subject changed from Allow user configuration of IKE retransmission to GUI options to configure IKE retransmission behavior
Updating subject for release notes.
Updated by Max Leighton almost 3 years ago
- Status changed from Feedback to Resolved
Tested with
2.6.0-BETA (amd64)
built on Thu Dec 23 06:20:23 UTC 2021
FreeBSD 12.3-STABLE
The retransmit settings are present and working. Marking the ticket resolved.