Answer the question
In order to leave comments, you need to log in
How to monitor IPSec and improve connection?
I have a connection to a remote IPsec partner, he has a cisco ASA, and I'm not really aware of what TIME values \u200b\u200bhe wrote there of the keepalive type (and they don’t give out information)
So I would like to know what tools for monitoring IPsec (strongswan) on Linux exist?
As well as the question
established 18938s ago, reauth in 66511s
installed 13182s ago, rekeying in 72176s, expires in 73219s
How to make these values always only grow and not reset (screenshot below)
Answer the question
In order to leave comments, you need to log in
Enable logging in strongswan - when passing the first phase, there will be exchange timings, and in the second phase there will be own timings. But depending on who clings to whom and how the connection is negotiated, the timings can be selected from the minimum of the two agreed options. That is, they cannot be increased, they can only be reduced. In general, they are already large enough for you.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question