[strongSwan] installpolicy=no not working, even when reqid is manually set
Martin Willi
martin at strongswan.org
Tue Nov 2 10:27:06 CET 2010
> Charon starts with reqid 1 and then just enumerates them. If
> reqid 2 is assigned to your IPsec SA means that reqid 1 was
> assigned to an earlier connection.
Requids are reused after rekeying. But in your case, the tunnel is
reauthenticated (i.e. re-established from scratch). This results in a
completely new CHILD_SA that has a unique requid. Setting reauth=no
probably works better for your special case.
Regards
Martin
More information about the Users
mailing list