<div>Hi </div>
<div> </div>
<div>I am doing one test scenario where the ip address are dynamically configured on the interface .Due to this what i observe is , reauthentication of ike is happening due to address change, though the configured ip is not related to any configured policy . </div>
<div>Is it possible to disable the reauthentication of the ike due to ip address change . I have also configured "reauth=no" in all the policy to check whether it has any effect but seems that it is not taken into effect .</div>
<div> </div>
<div>The configuration is as follows :</div>
<div> </div>
<div>1) Policy 1 is configured on eth1 interface (<a href="http://1.1.1.1/24">1.1.1.1/24</a>) with reauth=no and ikev2 </div>
<div>2) Policy 2 is configured on eth1:1 (virtual ip address <a href="http://1.1.1.2/24">1.1.1.2/24</a>) with reauth =no and ikev2</div>
<div> </div>
<div>Now when ipsec is up , tunnel will be established properly (both ike sa and child sa) .Then i configured another IP address on eth3 (<a href="http://4.4.4.4/24">4.4.4.4/24</a>) using ifconfig command . The configured ip is visible to the strongswan and due to this it goes for the "reauthenticating IKE_SA due to address change". Most strange part is </div>
<div>reauthentication goes only for the virtual ip address configuration(1.1.1.2) but not for the Actual ip configured at the interface (eth1, 1.1.1.1).</div>
<div> </div>
<div>So want to know the following information .</div>
<div> </div>
<div>1) Is reauth=no has any effect or i am doing some wrong configuration </div>
<div> </div>
<div>2) IS reauth =no is applicable to single policy or as whole (if configured per policy basis or in default)</div>
<div> </div>
<div>3) why the reauthentication is happening for the virtual ip address not for the actual ip address configured .</div>
<div> </div>
<div>Thanks in advance </div>
<div> </div>
<div>Regards</div>
<div>Ujjal.</div>