[strongSwan] why I get the wrong rekey time
Tobias Brunner
tobias at strongswan.org
Fri May 20 10:38:46 CEST 2011
Hi,
> but I found that the message always like the following, this will
> cause the stop of data transfer.
> 1. INFORMATIONAL (deleting IKE_SA)
> 2. INFORMATIONAL (deleting IKE_SA confirm)
> at this time the IPSEC tunnel is destroyed
> 3. IKE_SA_INIT
> 4. IKE_SA_INIT
> 5. IKE_AUTH
> 6. IKE_AUTH
> the new IPSEC tunnel setup.
What you see is a reauthentication. If you want to rekey the IKE SA you
have to specify
reauth=no
in ipsec.conf.
Regards,
Tobias
More information about the Users
mailing list