[strongSwan] When is DH re-negotiated ?
Martin Willi
martin at strongswan.org
Thu Mar 24 13:15:12 CET 2011
Hi Graham,
> Is DH re-negotiated every time we rekey the IKE_SA?
With strongSwan, yes. We always require a DH exchange. Some other
RFC4306 implementations might support non-DH IKE rekeyings, but in
RFC5996 it is a MUST.
> Here, for our initiators, we give this choice to the SeGW by
> specifying that we accept either (e.g. "aes-sha1-modp1024,aes-sha1!").
We have discussed this once before [1], a fix for strongSwan was
required to support DH and non-DH CHILD_SA proposals.
> My understanding is that by specifying the above, we are leaving it up
> to the SeGW to choose whether to always re-negotiate the DH when the
> CHILD_SA is rekeyed (by sending back to us "aes-sha1-modp1024") or to
> never re-negotiate the DH when the CHILD_SA is rekeyed (by sending
> back to us "aes-sha1").
As long as the rekeying is always initiated by the SeGW, your
understanding is correct.
> So, if the former, does this mean that a new DH is re-negotiated
> every time we rekey the CHILD_SA AND a new DH is re-negotiated
> every time we rekey the IKE_SA?
> If the latter, does this mean that a new DH is re-negotiated ONLY when
> we rekey the IKE_SA ?
> Finally, if the latter, can the SeGW vary when the DH is re-negotiated
> (i.e. re-negotiate the DH every THIRD time the CHILD_SA is rekeyed) ?
Yes, yes. And yes ;-).
Regards
Martin
[1] https://lists.strongswan.org/pipermail/users/2010-April/004789.html
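As an added illustration (not part of the thread, nor strongSwan's own code), the following script parses initiator esp= proposal strings in strongSwan's syntax and reports whether a configuration such as "aes-sha1-modp1024,aes-sha1!" leaves the choice of DH on CHILD_SA rekey to the responder, and what the proposal the SeGW sends back implies. The DH group name pattern is an assumption drawn from strongSwan's keyword list.

```python
"""Check strongSwan esp= proposal strings for DH (PFS) on CHILD_SA rekey.

Syntax: proposals separated by ',', algorithms within a proposal by '-',
a trailing '!' means strict (only the listed proposals are acceptable).
A proposal with a DH group asks for a fresh DH exchange on every CHILD_SA
rekey; one without derives CHILD_SA keys from the IKE_SA material only, so
DH is redone just when the IKE_SA itself is rekeyed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed DH group naming (modpNNNN[sNNN], ecpNNN[bp], curve/x 25519/448).
_DH_GROUP = re.compile(
    r"^(modp\d+(s\d+)?|ecp\d+(bp)?|curve25519|curve448|x25519|x448)$")


@dataclass
class Proposal:
    algorithms: List[str]
    dh_group: Optional[str]  # None when the proposal carries no DH group


def parse_proposals(spec: str) -> Tuple[List[Proposal], bool]:
    """Split an esp= string into proposals; returns (proposals, strict)."""
    spec = spec.strip()
    strict = spec.endswith("!")
    if strict:
        spec = spec[:-1]
    proposals = []
    for item in spec.split(","):
        algs = [a for a in item.split("-") if a]
        if not algs:
            raise ValueError("empty proposal in %r" % spec)
        groups = [a for a in algs if _DH_GROUP.match(a)]
        proposals.append(Proposal(algs, groups[0] if groups else None))
    return proposals, strict


def child_sa_pfs_policy(spec: str) -> str:
    """'always', 'never', or 'responder-chooses' (mixed list)."""
    proposals, _ = parse_proposals(spec)
    with_dh = sum(1 for p in proposals if p.dh_group is not None)
    if with_dh == len(proposals):
        return "always"      # DH on every CHILD_SA rekey
    if with_dh == 0:
        return "never"       # DH only when the IKE_SA is rekeyed
    return "responder-chooses"


def selected_proposal_implies_pfs(selected: str) -> bool:
    """True if the proposal the SeGW returned re-negotiates DH on rekey."""
    proposals, _ = parse_proposals(selected)
    return proposals[0].dh_group is not None
```

Run `child_sa_pfs_policy("aes-sha1-modp1024,aes-sha1!")` to see that the thread's example yields "responder-chooses", and feed the SeGW's returned proposal to `selected_proposal_implies_pfs` to see which of the two rekey behaviours it picked.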