Hi,<div><br></div><div>I am currently facing a problem regarding one IKEv2 message, CREATE_CHILD_SA. I am using a network testing application (basically it tests conformance).</div><div>Scenario:</div><div><br></div><div>First, one IKEv2 Child SA is established after the IKE_SA_INIT and IKE_AUTH exchanges. Now a second Child SA is created by sending a CREATE_CHILD_SA request.</div>
<div>Then this application times out the first Child SA and expects a REKEY request for the first Child SA. But when the two Child SAs get established, the keylife of both Child SAs is approximately the same, and strongSwan sends rekey requests for both of them. Now this software sends one CREATE_CHILD_SA (rekey response) message. But on strongSwan's side it shows MAC Authentication failed (in var/log/charon.log), and it drops the packet.</div>
<div><br></div><div>I am not sure why this is happening. Are there any limitations on creating more than two Child SAs for the same IKE SA? Or is there any known issue in strongSwan </div><div>about creating more than one Child SA or rekeying?</div>
<div><br></div><div>I am very new to IKE. Please help me out with any suggestions on this. I badly need it.</div><div><br></div><div>Sorry for the English.</div><div><br></div><div>Thanks and Regards,</div><div>Avishek Ganguly</div>