<div dir="ltr">will the use of "reauth=no" in strongswan create any interoperability problems with Cisco IKEv2 IPsec Peers?<div><br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 4, 2017 at 10:48 AM, Rajiv Kulkarni <span dir="ltr"><<a href="mailto:rajivkulkarni69@gmail.com" target="_blank">rajivkulkarni69@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi<div><br></div><div>Although mentioned in the wiki that IKEv1 always does reauthentication when rekeying IKEv1-SAs...</div><div><br></div><div>I still was getting some doubts...Can you please confirm that if i use the below config for ipsec (using Strongswan 5.5.x)...the use of "reauth=no" in the "conn default" will apply to all IKEv2 connections AND ONLY to IKEv2 connections</div><div><br></div><div>Can you clarify that this option will NOT have any effect on IKEv1 connections</div><div><br></div><div>======================</div><div><div>conn %default</div><div><span style="white-space:pre-wrap">  </span>ikelifetime=3h</div><div><span style="white-space:pre-wrap">   </span>keylife=1h</div><div><span style="white-space:pre-wrap">       </span>mobike=no</div><div><span style="white-space:pre-wrap">        </span>dpddelay=30s</div><div>        dpdtimeout=90s</div><div>        dpdaction=clear</div><div><span style="white-space:pre-wrap">  </span>fragmentation=yes</div><div><span style="white-space:pre-wrap">        </span>leftsendcert=always</div><div><span style="white-space:pre-wrap">      </span>reauth=no</div><div><br></div><div>conn tun1_V1</div><div>        left=172.31.32.201</div><div>        right=192.168.0.100</div><div>        ...</div><div>        ...</div><div>        type=tunnel</div><div>        keyexchange=ikev1</div><div><span style="white-space:pre-wrap">   </span>auto=route</div><div><br></div><div>conn tun2_V2</div><div>        left=172.31.32.201</div><div>        right=172.28.28.102</div><div>        ...</div><div>        ...</div><div>        type=tunnel</div><div>        keyexchange=ikev2</div><div><span style="white-space:pre-wrap">  </span>auto=route</div></div><div><br></div><div><div><div>conn tun3_V2</div><div>        left=172.31.32.201</div><div>        right=172.29.1.2</div><div>        ...</div><div>        ...</div><div>        type=tunnel</div><div>        keyexchange=ikev2</div><div><span style="white-space:pre-wrap">   </span>auto=route</div></div><div><br></div></div><div><br></div><div>======================</div><div><br></div><div><br></div><div>thanks & regards</div><span class="HOEnZb"><font color="#888888"><div>Rajiv</div><div><br></div></font></span></div>
</blockquote></div><br></div></div></div>