[strongSwan] regarding "reauthenticating IKE_SA due to address change"
ujjal sikdar
ujjal.sikdar at gmail.com
Wed Jul 27 09:27:15 CEST 2011
>
> Hi
>
> I am doing one test scenario where the ip address are dynamically
> configured on the interface .Due to this what i observe is ,
> reauthentication of ike is happening due to address change, though the
> configured ip is not related to any configured policy .
> Is it possible to disable the reauthentication of the ike due to ip address
> change . I have also configured "reauth=no" in all the policy to check
> whether it has any effect but seems that it is not taken into effect .
>
> The configuration is as follows :
>
> 1) Policy 1 is configured on eth1 interface (1.1.1.1/24) with reauth=no
> and ikev2
> 2) Policy 2 is configured on eth1:1 (virtual ip address 1.1.1.2/24) with
> reauth =no and ikev2
>
> Now when ipsec is up , tunnel will be established properly (both ike sa and
> child sa) .Then i configured another IP address on eth3 (4.4.4.4/24)
> using ifconfig command . The configured ip is visible to the strongswan and
> due to this it goes for the "reauthenticating IKE_SA due to address change".
> Most strange part is
> reauthentication goes only for the virtual ip address
> configuration(1.1.1.2) but not for the Actual ip configured at the
> interface (eth1, 1.1.1.1).
>
> So want to know the following information .
>
> 1) Is reauth=no has any effect or i am doing some wrong configuration
>
> 2) IS reauth =no is applicable to single policy or as whole (if configured
> per policy basis or in default)
>
> 3) why the reauthentication is happening for the virtual ip address not for
> the actual ip address configured .
>
> Thanks in advance
>
> Regards
> Ujjal.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110727/19cf2774/attachment.html>
More information about the Users
mailing list