[strongSwan] Certificate expiration for active IPsec connections

[Martin Willi]

Hi,
> 
> What does strongSwan for an active IPsec connection authenticated with
> certificates when the certificate validity period expires?

We currently do not close a tunnel if the certificate expires.

If you want to enforce such a policy, you'd need to do reauthentication
(i.e. close and reestablish the tunnel) periodically.

Regards
Martin