[strongSwan-dev] Rekey Question

Daniel Migault mglt.biz at gmail.com
Fri Jul 26 09:44:28 CEST 2013

Looking at the logs, it looks that all CHILD_SA attached to the IKE_SA 
are rekeyed and removed with Delete Payload, but the IKE_SA does not 
seems to be deleted with Delete Payloads. On the other hand ipsec 
statusall does not shows the old IKE_SA.

If strongswan does not support an IKE_SA REKEY, I would like to know if 
there are any reasons for that, or if it just not yet implemented.


On 07/25/2013 07:40 PM, Daniel Palomares wrote:
> Hello all,
> I was just wondering to know if strongswan can perform rekey for ONLY 
> IKE_SAs and not IPsec SAs.
> Whether the response is yes or no:
> Does strongSwan keep the old IKE_SA keying material during REKEY (for 
> only IKE_SA or both IKE_SA and IPsec_SA) ?
> Thanks guys
> Daniel
> _______________________________________________
> Dev mailing list
> Dev at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20130726/97c42570/attachment.html>

More information about the Dev mailing list