User Tools

Site Tools


strongswan_-_lessons_learned

strongSwan IPsec lessons learned

  • Compression limits the throughput to about 100 Mbps
  • Disable farp plugin when using 0.0.0.0/0 remote traffic selector
  • Enable Charon make before break if using auto=route
  • Enable keyingtries=%forever and set Charon retry_initiate_interval nonzero for always up tunnels with auto=route
  • Set retry_initiate_interval to nonzero if DNS resolution is in use
strongswan_-_lessons_learned.txt · Last modified: 2020/02/27 05:55 by cbredi