This shows you the differences between two versions of the page.
Previous revision | |||
— | strongswan_-_lessons_learned [2020/02/27 05:55] (current) – cbredi | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | **strongSwan IPsec lessons learned** | ||
+ | * Compression limits the throughput to about 100 Mbps | ||
+ | * Disable farp plugin when using 0.0.0.0/0 remote traffic selector | ||
+ | * Enable Charon make before break if using auto=route | ||
+ | * Enable keyingtries=%forever and set Charon retry_initiate_interval nonzero for always up tunnels with auto=route | ||
+ | * Set retry_initiate_interval to nonzero if DNS resolution is in use |