[strongSwan] Certificate expiration for active IPsec connections

Martin Willi martin at strongswan.org
Thu Apr 1 16:00:31 CEST 2010

> What does strongSwan for an active IPsec connection authenticated with
> certificates when the certificate validity period expires?

We currently do not close a tunnel if the certificate expires.

If you want to enforce such a policy, you'd need to do reauthentication
(i.e. close and reestablish the tunnel) periodically.


More information about the Users mailing list