IPsec - Site > Site

We don’t actually configure IKE-based VPNs there so it’s just a default file; we use swanctl to manage strongSwan. If you check /etc/swanctl/swanctl.conf you should see the main parts of your config. Here are some useful shell commands:

swanctl --list-sas → check live tunnel state
swanctl --list-conns → confirm configuration
swanctl --list-certs / --list-keys → verify credentials
swanctl --list-pols → verify kernel policies
swanctl --list-pools → cleanest way to see just the configured subnet(s) for address assignment

Is this related to the ticket? I was added to your sites yesterday evening, but did not get a chance to take a look at your tunnel yet. It’s possible it’s related to something I discovered, but I did not get the related log information to confirm.

I intend to take a look this morning, and I will stress I’m just checking logs and configs related to the VPN, and I will not be doing anything to interrupt connectivity (especially at home). I will then follow up with the agent you’re working with and we can coordinate next steps. I’m sure we can get to the bottom of this, and probably even implement a workaround if needed, and then circle back here with a post-mortem.

For now, I thought the above info about swanctl may be of interest.

EDIT: slight adjustment of first line for clarity

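As an added example that is not part of the original post, here is one way to turn the `swanctl --list-sas` check into a quick health report: it flags IKE SAs that are not ESTABLISHED, CHILD SAs that are not INSTALLED, and CHILD SAs that have sent packets but received none. The function names, the sample output, and the exact text layout being parsed are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag unhealthy tunnels in `swanctl --list-sas` text output.
# Assumption: the layout matches what recent strongSwan releases print.
# On a gateway: swanctl --list-sas | check_sas

sample_sas() {   # constructed sample output, documentation addresses only
cat <<'EOF'
site-a: #3, ESTABLISHED, IKEv2, 1a2b3c4d5e6f7081_i* 9f8e7d6c5b4a3021_r
  local  'gw-a.example' @ 198.51.100.10[4500]
  remote 'gw-b.example' @ 203.0.113.20[4500]
  AES_GCM_16-256/PRF_HMAC_SHA2_384/ECP_384
  established 5120s ago, rekeying in 8790s
  lan-a: #7, reqid 1, INSTALLED, TUNNEL, ESP:AES_GCM_16-256
    installed 1520s ago, rekeying in 1830s, expires in 2440s
    in  c51a20f3,      0 bytes,     0 packets
    out c8e01b77,  48210 bytes,   402 packets,     3s ago
    local  10.10.0.0/24
    remote 10.20.0.0/24
site-b: #4, CONNECTING, IKEv2, 5566778899aabbcc_i* 0000000000000000_r
  local  'gw-a.example' @ 198.51.100.10[500]
  remote 'gw-c.example' @ 192.0.2.30[500]
EOF
}

check_sas() {    # reads --list-sas text on stdin, prints one finding per line
  awk '
    function close_child() {   # report a CHILD SA that sends but never receives
      if (child != "" && outp > 0 && inp == 0)
        print "child " child ": one-way traffic (out=" outp " in=0)"
      child = ""; inp = 0; outp = 0
    }
    /^[^ ].*: #[0-9]+, / {                 # IKE SA header, no indent
      close_child()
      split($0, f, ", "); name = $1; sub(/:$/, "", name)
      if (f[2] != "ESTABLISHED") print "ike " name ": state " f[2]
      next
    }
    /^  [^ ].*: #[0-9]+, reqid / {         # CHILD SA header, two-space indent
      close_child()
      split($0, f, ", "); child = $1; sub(/:$/, "", child)
      if (f[3] != "INSTALLED") print "child " child ": state " f[3]
      next
    }
    $1 == "in"  { for (i = 2; i <= NF; i++) if ($i ~ /^packets/) inp  = $(i - 1) + 0 }
    $1 == "out" { for (i = 2; i <= NF; i++) if ($i ~ /^packets/) outp = $(i - 1) + 0 }
    END { close_child() }
  '
}
```

A one-way CHILD SA finding usually points at return-path routing, NAT, or filtering of ESP rather than at the IKE negotiation, so `swanctl --list-pols` is the natural next check.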