[strongSwan-dev] IKEv1 rekey issue
manjunath.mp at gmail.com
Fri Dec 14 19:10:07 CET 2018
In my case, the IKE SA rekey time was 300s and IPsec SA rekey time was
However, once I hit the scenario, the system remains in that state:
* IKEv1 rekey happens every 300s, new IKE SAs are created and no IPsec SAs
are created. Should the system not recover on next IKEv1 rekey?
* IPsec rekey timer is probably not of any use since IPsec SAs are not
On Wed, Dec 12, 2018 at 12:57 AM Tobias Brunner <tobias at strongswan.org>
> Hi Manju,
> > However, are there known issues with IKEv1 with short rekey timers and
> > how does IKEv2 overcome this problem?
> IKEv1 has no exchange collision handling, so if both ends rekey
> concurrently, all bets are off, IKEv2 has (except for reauthentication,
> so use regular rekeying to avoid problems).
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dev