[strongSwan-dev] Understanding IKEv1 rekey

Noam Lampert lampert at google.com
Mon Aug 22 11:55:09 CEST 2016

Strongswan does not send a DELETE.
Here is the pointer where Strongswan decides not to send a DELETE.
ke_sa->delete() for a IKE SA that is rekeyed silently deletes itself:
sa.c#L1786  (note the 'break' and return DESTROY_ME).

On Mon, Aug 22, 2016 at 12:53 PM, Tobias Brunner <tobias at strongswan.org>

> Hi Noam,
> >     > My question: How is the Cisco ASR supposed to know that the old
> >     > is no longer relevant?
> >     Because it is deleted?
> >
> > How is the peer supposed to know that it is deleted if it doesn't
> > receive a DELETE message?
> It doesn't send one?  I suppose that's problematic (however, DELETES in
> IKEv1 are not really reliable anyway).
> Regards,
> Tobias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20160822/de3077d6/attachment.html>

More information about the Dev mailing list