[strongSwan-dev] IKEv1 rekey issue
Tobias Brunner
tobias at strongswan.org
Mon Dec 17 08:56:57 CET 2018
Hi Manju,
> * IKEv1 rekey happens every 300s, new IKE SAs are created and no IPsec
> SAs are created. Should the system not recover on next IKEv1 rekey?
No, IKE rekeying does not affect CHILD_SAs.
> * IPsec rekey timer is probably not of any use since IPsec SAs are not
> present.
Yep.
You could use trap policies to (re-)create CHILD_SAs automatically if
they get closed for some reason.
Regards,
Tobias
More information about the Dev
mailing list