[strongSwan] regarding "reauthenticating IKE_SA due to address change"
ujjal.sikdar at gmail.com
Wed Jul 27 09:27:15 CEST 2011
> I am doing one test scenario where the ip address are dynamically
> configured on the interface .Due to this what i observe is ,
> reauthentication of ike is happening due to address change, though the
> configured ip is not related to any configured policy .
> Is it possible to disable the reauthentication of the ike due to ip address
> change . I have also configured "reauth=no" in all the policy to check
> whether it has any effect but seems that it is not taken into effect .
> The configuration is as follows :
> 1) Policy 1 is configured on eth1 interface (22.214.171.124/24) with reauth=no
> and ikev2
> 2) Policy 2 is configured on eth1:1 (virtual ip address 126.96.36.199/24) with
> reauth =no and ikev2
> Now when ipsec is up , tunnel will be established properly (both ike sa and
> child sa) .Then i configured another IP address on eth3 (188.8.131.52/24)
> using ifconfig command . The configured ip is visible to the strongswan and
> due to this it goes for the "reauthenticating IKE_SA due to address change".
> Most strange part is
> reauthentication goes only for the virtual ip address
> configuration(184.108.40.206) but not for the Actual ip configured at the
> interface (eth1, 220.127.116.11).
> So want to know the following information .
> 1) Is reauth=no has any effect or i am doing some wrong configuration
> 2) IS reauth =no is applicable to single policy or as whole (if configured
> per policy basis or in default)
> 3) why the reauthentication is happening for the virtual ip address not for
> the actual ip address configured .
> Thanks in advance
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users