[strongSwan] Clarification on rekeying IKE SA
martin at strongswan.org
Fri Jul 6 15:37:11 CEST 2012
> We observe that, when ike sa life time expires, initiator triggers
> INFORMATION exchange with remote node (by sending DELETE payload for
> current SA). But RFC says CREATE_CHILD_SA request is used to initiate
> rekeying IKE SA.
By default, strongSwan does a complete IKE_SA re-authentication if the
lifetime expires. You can change this behavior to use IKE_SA rekeying
instead by setting reauth=no in your connection.
More information about the Users