[strongSwan] IKE_SA gets deleted with no recovery after NTP update

Eduardo Torres Eduardo.Torres at alcatel-lucent.com
Thu Mar 10 17:13:50 CET 2011


I'm seeing the following issue using Strong Swan the scenario is a 
follows (test done yesterday March 9).

- ipsec is started using charon daemon (IKEV2) (date at this moment is 
Jan 1 1970) rekey set to yes ikelifetime and ipseclifetime set to 28800
- Strong Swan creates the connections (date still is Jan 1 1970)
- ran ipsec statusall the connections were created a this point.
- few seconds passed
- date get synced to March 9, this triggers Strong Swan to start a rekey
- after the rekey, Strong Swan deletes the IKE_SA but does not re-try to 
create the IKE_SA
- When running ipsec statusall command shows SA as none (never recovers)

For this scenario I was expecting that Strong Swan  try to recover for 
this scenario.

I just want to know if this issue is a known issue, if yes could you pls 
provide where exactly the fix was made.

Thanks in advance
Eduardo Torres

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110310/e4cdd63f/attachment.html>

More information about the Users mailing list