[strongSwan] regarding "reauthenticating IKE_SA due to address change"

ujjal sikdar ujjal.sikdar at gmail.com
Wed Jul 27 09:27:15 CEST 2011

> Hi
> I am doing one test scenario where the ip address are dynamically
> configured on the interface  .Due to this what i observe is ,
> reauthentication of ike is happening  due to address change, though the
> configured ip is not related to any configured policy .
> Is it possible to disable the reauthentication of the ike due to ip address
> change . I have also configured "reauth=no" in all the policy to check
> whether it has any effect but seems that it is not taken into effect .
> The configuration is as follows :
> 1)  Policy 1 is configured on eth1 interface (  with reauth=no
> and ikev2
> 2) Policy 2 is configured on eth1:1 (virtual ip address with
> reauth =no and ikev2
> Now when ipsec is up , tunnel will be established properly (both ike sa and
> child sa) .Then i configured another IP address  on eth3 (
> using ifconfig command . The configured ip is visible to the strongswan and
> due to this it goes for the "reauthenticating IKE_SA due to address change".
> Most strange part is
> reauthentication goes only for the virtual ip address
> configuration(  but not for the Actual ip configured at the
> interface (eth1,
> So want to know  the following information .
> 1) Is reauth=no has any effect or i am doing some wrong configuration
> 2) IS reauth =no is applicable to single policy or as whole (if configured
> per policy basis or in default)
> 3) why the reauthentication is happening for the virtual ip address not for
> the actual ip address configured .
> Thanks in advance
> Regards
> Ujjal.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110727/19cf2774/attachment.html>

More information about the Users mailing list