From d81c621bd0515315584c7f762de9b192026c8808 Mon Sep 17 00:00:00 2001 From: toby Date: Fri, 7 Dec 2018 18:08:11 +0100 Subject: [PATCH] ipsec tweaks for stability ... hopefully.... --- files/ipsec.conf.wit | 3 ++- files/wit-logging.conf | 13 +++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/files/ipsec.conf.wit b/files/ipsec.conf.wit index 8dfb7ca..95d3ddb 100644 --- a/files/ipsec.conf.wit +++ b/files/ipsec.conf.wit @@ -6,10 +6,11 @@ config setup conn %default #keyexchange = ikev2 keyingtries = %forever + mobike = no dpdtimeout = 10 dpddelay = 2 dpdaction = hold - #closeaction = none + #closeaction = clear #rekeyfuzz = 100% ikelifetime = 4h margintime = 12m diff --git a/files/wit-logging.conf b/files/wit-logging.conf index 0b06a21..453f7fa 100644 --- a/files/wit-logging.conf +++ b/files/wit-logging.conf @@ -2,7 +2,20 @@ charon { install_routes = no install_virtual_ip = no interfaces_use = lo + make_before_break = yes + delete_rekeyed = yes + delete_rekeyed_delay = 10 + + threads = 32 + processor { + priority_threads { + critical = 2 + high = 4 + medium = 4 + } + } + syslog { auth { ike_name = yes