[strongSwan-dev] IKEv1 rekey issue

Manju Prabhu manjunath.mp at gmail.com
Mon Dec 17 10:09:12 CET 2018


Please provide some additional info for the trap policies. In our scenario,
on the IKEv1 rekey collision, we are losing the child-sas and it never gets
created again.
Are the trap-policies, some configuration or settings. Anything specific to
child-sas we need to set?

thanks,
Manju

On Sun, Dec 16, 2018 at 11:56 PM Tobias Brunner <tobias at strongswan.org>
wrote:

> Hi Manju,
>
> > * IKEv1 rekey happens every 300s, new IKE SAs are created and no IPsec
> > SAs are created. Should the system not recover on next IKEv1 rekey?
>
> No, IKE rekeying does not affect CHILD_SAs.
>
> > * IPsec rekey timer is probably not of any use since IPsec SAs are not
> > present.
>
> Yep.
>
> You could use trap policies to (re-)create CHILD_SAs automatically if
> they get closed for some reason.
>
> Regards,
> Tobias
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20181217/91fefb97/attachment.html>


More information about the Dev mailing list