[strongSwan] why I get the wrong rekey time
张元玄
yuanakumazhang at gmail.com
Fri May 20 10:34:08 CEST 2011
I set the IKE rekey time as follows:
conn %default
    ikelifetime=6m
    keylife=3m
    rekeymargin=1m
    keyingtries=2
    rekeyfuzz=0%
But I found that the messages are always like the following, which
causes the data transfer to stop.
1. INFORMATIONAL (deleting IKE_SA)
2. INFORMATIONAL (deleting IKE_SA confirm)
At this time the IPsec tunnel is destroyed.
3. IKE_SA_INIT
4. IKE_SA_INIT
5. IKE_AUTH
6. IKE_AUTH
The new IPsec tunnel is set up.
I think the right sequence of messages should be like the
following (defined by RFC 4306, section 2.8, Rekeying); then the data
transfer will not stop.
1. IKE_SA_INIT
2. IKE_SA_INIT
3. IKE_AUTH
4. IKE_AUTH
5. INFORMATIONAL (deleting IKE_SA)
6. INFORMATIONAL (deleting IKE_SA confirm)
Can anyone help me?