[strongSwan-dev] IKEv1 rekey issue

Tobias Brunner tobias at strongswan.org
Mon Dec 17 08:56:57 CET 2018


Hi Manju,

> * IKEv1 rekey happens every 300s, new IKE SAs are created and no IPsec
> SAs are created. Should the system not recover on next IKEv1 rekey?

No, IKE rekeying does not affect CHILD_SAs.

> * IPsec rekey timer is probably not of any use since IPsec SAs are not
> present.

Yep.

You could use trap policies to (re-)create CHILD_SAs automatically if
they get closed for some reason.

Regards,
Tobias


More information about the Dev mailing list