I've got an IPsec tunnel to a VM running StrongSwan. When I bring the
tunnel up, everything works as expected for about 1 hour, after which
the tunnel seems to stop working as it shows as Down on the Fortigate
side. If I restart the ipsec tunnel on ...
Yep, after making this post I went over the log messages and saw that it
was keeping the phase 1 up but failing phase 2 at renegotiation. Turning
off PFS does indeed "fix" it. StrongSwan docs say the following: "PFS is
enabled by appending a DH group ...