[strongSwan] why I get the wrong rekey time

Tobias Brunner tobias at strongswan.org
Fri May 20 10:38:46 CEST 2011


Hi,

> but I found that the message always like the following, this will
> cause the stop of data transfer.
> 1. INFORMATIONAL (deleting IKE_SA)
> 2. INFORMATIONAL (deleting IKE_SA confirm)
> at this time the IPSEC tunnel is destroyed
> 3. IKE_SA_INIT
> 4. IKE_SA_INIT
> 5. IKE_AUTH
> 6. IKE_AUTH
> the new IPSEC tunnel setup.

What you see is a reauthentication.  If you want to rekey the IKE SA you 
have to specify

	reauth=no

in ipsec.conf.

Regards,
Tobias




More information about the Users mailing list