[strongSwan-dev] Rekey Question
Daniel Migault
mglt.biz at gmail.com
Fri Jul 26 09:44:28 CEST 2013
Looking at the logs, it looks that all CHILD_SA attached to the IKE_SA
are rekeyed and removed with Delete Payload, but the IKE_SA does not
seems to be deleted with Delete Payloads. On the other hand ipsec
statusall does not shows the old IKE_SA.
If strongswan does not support an IKE_SA REKEY, I would like to know if
there are any reasons for that, or if it just not yet implemented.
BR,
Daniel
On 07/25/2013 07:40 PM, Daniel Palomares wrote:
> Hello all,
>
> I was just wondering to know if strongswan can perform rekey for ONLY
> IKE_SAs and not IPsec SAs.
>
> Whether the response is yes or no:
> Does strongSwan keep the old IKE_SA keying material during REKEY (for
> only IKE_SA or both IKE_SA and IPsec_SA) ?
>
> Thanks guys
>
> Daniel
>
>
> _______________________________________________
> Dev mailing list
> Dev at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20130726/97c42570/attachment.html>
More information about the Dev
mailing list