[strongSwan-dev] Confusion about rekeying/issue when using Radius

Harry Stark stark.harry at yahoo.co.uk
Mon Apr 28 18:27:09 CEST 2014


I'm using Radius to do xauth (after certificate auth, so using xauth2).

It is authenticating and working great for the first connection, but if I drop the connection from the client (Roadwarrior) without doing a proper close, and then have it reconnect, this happens:

1. It authenticates and connects fine
2. But it also logs this:
detected rekeying of CHILD_SA [conn profile]{1}

3. And also shows an additional entry under ipsec status:
[conn profile]{1}:  REKEYING, TUNNEL, expires in 76 days

And then I don't have any Internet access at all... can't ping or get any data through the tunnel at all.

I can't seem to prevent the REKEYING - and not sure if that is the problem either?

Any ideas?

If I do the same setup without the Radius and just use xauth-noauth for the last step then everything runs well.
