[strongSwan-dev] IKEv1 rekey issue
manjunath.mp at gmail.com
Mon Dec 17 10:09:12 CET 2018
Please provide some additional info for the trap policies. In our scenario,
on the IKEv1 rekey collision, we are losing the child-sas and it never gets
Are the trap-policies, some configuration or settings. Anything specific to
child-sas we need to set?
On Sun, Dec 16, 2018 at 11:56 PM Tobias Brunner <tobias at strongswan.org>
> Hi Manju,
> > * IKEv1 rekey happens every 300s, new IKE SAs are created and no IPsec
> > SAs are created. Should the system not recover on next IKEv1 rekey?
> No, IKE rekeying does not affect CHILD_SAs.
> > * IPsec rekey timer is probably not of any use since IPsec SAs are not
> > present.
> You could use trap policies to (re-)create CHILD_SAs automatically if
> they get closed for some reason.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dev