[strongSwan] Failed to create IKEv2 CHILD_SA if peer rekeyed IKE_SA
tjmao at tjmao.net
Wed Dec 19 18:34:40 CET 2012
Thanks for the response. So far the patch has worked pretty well and virtual
IPs are now transferred to the new IKE_SA on rekeying.
I should have checked git log first for any recent commits. :)
On 12/19/12, Martin Willi <martin at strongswan.org> wrote:
> According to your log (and your subject), I'd guess it is the other way
> round: CHILD_SA rekeying fails once an IKE_SA rekeying completed. An
> IKE_SA rekeying doesn't transfer any traffic selectors, it actually
> can't fail for this reason.
> I recently fixed an annoying bug that can affect rekeyings: the virtual
> IP was not transferred correctly during IKE_SA rekeying. For rekeyed
> IKE_SAs, the virtual IP is not available anymore, which affects traffic
> selector derivation/selection if they are "dynamic".
> Please try the patch at , chances are good that it fixes this issue.
> Only 5.0.1 is affected, 5.0.2 will include the fix.
More information about the Users