[strongSwan] IKE_SA gets deleted with no recovery after NTP update
Eduardo Torres
Eduardo.Torres at alcatel-lucent.com
Thu Mar 10 17:13:50 CET 2011
Hi,
I'm seeing the following issue using Strong Swan the scenario is a
follows (test done yesterday March 9).
- ipsec is started using charon daemon (IKEV2) (date at this moment is
Jan 1 1970) rekey set to yes ikelifetime and ipseclifetime set to 28800
- Strong Swan creates the connections (date still is Jan 1 1970)
- ran ipsec statusall the connections were created a this point.
- few seconds passed
- date get synced to March 9, this triggers Strong Swan to start a rekey
- after the rekey, Strong Swan deletes the IKE_SA but does not re-try to
create the IKE_SA
- When running ipsec statusall command shows SA as none (never recovers)
For this scenario I was expecting that Strong Swan try to recover for
this scenario.
I just want to know if this issue is a known issue, if yes could you pls
provide where exactly the fix was made.
Thanks in advance
Eduardo Torres
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110310/e4cdd63f/attachment.html>
More information about the Users
mailing list