[strongSwan] When is DH re-negotiated ?

Martin Willi martin at strongswan.org
Thu Mar 24 14:19:58 CET 2011

> In this case, I believe that it is always us (the client) that
> initiates rekeying. So, by proposing "aes-sha1-modp1024,aes-sha1!",
> you could say that we are giving the SeGW a choice of whether it wants
> us to perform a DH or non-DH CHILD_SA rekey ?

It should work. The client will always initiate with a KE payload. But
the server may select the second proposal, and answer without the KE
payload. I think this should work with newer strongSwan releases (having
the mentioned patch), but I can't speak for other implementations.

> it would probably be rude for us to attempt a DH CHILD_SA rekey when
> the SeGW has indicated a preference for a non-DH one ? :-)

As long as the gateway did not initiate the rekey itself, it can't
"indicate a preference". We don't know its preference until we've done a
rekey. And it might change its preference, for example if it enforces a
new DH exchange only after a given tunnel uptime.
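As an added illustration (not part of Martin's reply or the strongSwan project's own documentation), here is how the two-proposal list discussed above would look in ipsec.conf syntax on the client, together with the two gateway configurations that would make the responder pick either the DH or the non-DH proposal. The connection name, the gateway hostname and the use of aes/sha1 as the only transforms are assumptions for the example.

```conf
# Client side (constructed example). The first ESP proposal carries a DH
# group, so a CHILD_SA rekey the client initiates with it includes a KE
# payload; the second proposal has no DH group, so the responder may
# select it and answer without a KE payload. The trailing "!" makes the
# list strict, i.e. strongSwan appends no implicit default proposal.
conn to-segw
    keyexchange=ikev2
    left=%defaultroute
    right=segw.example.org        # assumed gateway name
    esp=aes-sha1-modp1024,aes-sha1!
    rekey=yes
    auto=start

# Gateway side, variant A (constructed): only a DH proposal is configured,
# so every CHILD_SA rekey is answered with a fresh DH exchange.
conn from-clients-pfs
    keyexchange=ikev2
    left=%defaultroute
    right=%any
    esp=aes-sha1-modp1024!
    auto=add

# Gateway side, variant B (constructed): only the non-DH proposal is
# configured, so the responder selects the client's second proposal and
# rekeys without a KE payload.
conn from-clients-nopfs
    keyexchange=ikev2
    left=%defaultroute
    right=%any
    esp=aes-sha1!
    auto=add
```

The point of the two gateway variants is that the choice is made per negotiation by the responder, which is why the client cannot learn the gateway's preference from its own configuration; it only sees which proposal came back in the CREATE_CHILD_SA response.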

