[strongSwan-dev] Understanding IKEv1 rekey
lampert at google.com
Mon Aug 22 11:55:09 CEST 2016
strongSwan does not send a DELETE.
Here is the pointer where strongSwan decides not to send a DELETE.
ke_sa->delete() for an IKE SA that is rekeyed silently deletes itself:
sa.c#L1786 (note the 'break' and return DESTROY_ME).
On Mon, Aug 22, 2016 at 12:53 PM, Tobias Brunner <tobias at strongswan.org>
> Hi Noam,
> > > My question: How is the Cisco ASR supposed to know that the old IKE SA
> > > is no longer relevant?
> > Because it is deleted?
> > How is the peer supposed to know that it is deleted if it doesn't
> > receive a DELETE message?
> It doesn't send one? I suppose that's problematic (however, DELETES in
> IKEv1 are not really reliable anyway).