[strongSwan] installpolicy=no not working, even when reqid is manually set

Martin Willi martin at strongswan.org
Tue Nov 2 10:27:06 CET 2010

> Charon starts with reqid 1 and then just enumerates them. If
> reqid 2 is assigned to your IPsec SA means that reqid 1 was
> assigned to an earlier connection.

Requids are reused after rekeying. But in your case, the tunnel is
reauthenticated (i.e. re-established from scratch). This results in a
completely new CHILD_SA that has a unique requid. Setting reauth=no
probably works better for your special case.


More information about the Users mailing list