[strongSwan] Windows 7 seems to drop connection when rekeying main mode SA's

Martin Willi martin at strongswan.org
Wed Jan 11 12:53:51 CET 2012


Hi,

>   activating IKE_REKEY task
> initiating IKE_SA rw-win-7[4] to 82.147.51.146
> received DELETE for IKE_SA rw-win-7[3]

Your log level configuration doesn't show any messages, but it seems
that Windows is not happy about the rekeying and deletes the SA.

> I also tried with and without reauth and it did not change the results.

Reauth is not possible, it can't be initiated by the gateway (as we are
using EAP) and Windows does not support the reauthentication lifetime
extension.

> conn rw-win-7
>         leftsubnet=0.0.0.0/0
>         right=%any
>         rightsourceip=10.0.1.0/24
>         rightid="[...]"
>         auto=add
>         esp=aes256-sha1
>         ikelifetime=90m
>         reauth=no

I don't see an ike= proposal definition, strongSwan will default to
modp2048. Windows does not support that, try it with modp1024.

Regards
Martin





More information about the Users mailing list