[strongSwan] NO_ADDITIONAL_SAS on RFC5996
Murali v
muracse at gmail.com
Thu Feb 28 17:24:58 CET 2013
Hi Sir,
We are using Strongswan-4.5.3 in our application. Here we are facing an
issue during the CHILD_SA Re-Key.
The messages are given below.
Initiator                                                        Responder
--------------- CREATE_CHILD_SA (CHILD_SA Re-Key) ------------->
--------------- CREATE_CHILD_SA (NO_ADDITIONAL_SAS) ----------->
--------------- INFORMATIONAL (DELETE for IKE) ---------------->
As per RFC 5996, it says as below for the "NO_ADDITIONAL_SAS" notification:
*If the responder rejects the CREATE_CHILD_SA*
*request with a NO_ADDITIONAL_SAS notification, the implementation*
*MUST be capable of instead deleting the old SA and creating a new*
*one.*
Here it says that the CHILD_SA is deleted and created. However, in
Strongswan, it's doing the RE-AUTH of the IKE_SA.
Is this the expected behavior, or is this RFC 5996 case not implemented?
Thanks & Regards,
Murali V