[strongSwan] Charon IKEv1 rekeying?

Noel Kuntze noel at familie-kuntze.de
Sun Jul 7 01:20:37 CEST 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

Is there a solution for this problem? I'm experiencing this myself at
the moment and am in need of a solution for this problem.

Regards,
Noel

Am 09.05.2013 00:43, schrieb Andreas Ntaflos:
> On 2013-05-03 10:36, Gerald Richter - ECOS wrote:
>> Hi,
>> 
>> during the debugging of IKEv1 rekeying I found out that the old 
>> IKE_SA gets deleted before the new on is fully established.
> [...]
>> So from my point of view the local deletion of the ike_sa needs
>> to be delayed after the new ike_sa is fully established.
>> 
>> Any comments?
> 
> Hi,
> 
> I can't comment much except that I believe I am seeing the same
> problem. StrongSwan 5.0.3 with IKEv1 against a Cisco ASA (over
> which I have no control at all).
> 
> I tried setting "uniqueids = no" (as per the previous discussions
> on the topic) but that doesn't seem to help much.
> 
> In the logs this looks like this with "uniqueids = no": 
> http://pastie.org/pastes/7820117/text?key=rdfidtfi8cogiglommtoq
> 
> With "uniqueids = yes": 
> http://pastie.org/pastes/7820136/text?key=rmcgqev4atibcsjipf5rfw
> 
> In both cases I have to do "ipsec up theconnection" to start it
> again.
> 
> Andreas
> 
> 
> 
> _______________________________________________ Users mailing list 
> Users at lists.strongswan.org 
> https://lists.strongswan.org/mailman/listinfo/users
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJR2KZFAAoJEDg5KY9j7GZYvBEP/2RxvVqvh5ov64zrGR6QQGn/
Hnr4pkGnt42izcn1/XkWBxeoibcoAGv1Y+u+3oIZynRje731IQhvjDUCH4qgkqJ0
tBa1KxnB5kD/os0H3R/IFHlVedVc7OPr2K9IjE/UwtQpU3LHDWyr0ji+f/U6H+Gv
PnXU7xT8wfQu9fZr/eMGdl3NyUauiXi3YEahwY+i8kG4JTbG0TsfiyU/GqoNktwA
OYfeGPcIzGPYxYMTp2xnCf8xi4U5Es6Wv5PXCnbwRSTP5EUzFDiEXxWMwVGnCunc
yTWEMgWXnOpnYFk1gdGbOWZeHGrJyjiLE1SXjNsR0HtBa9LGgvSy/hB5GH6rOZQj
Xp6DHQgIKqLIkIkalj6ykwHcut5L1OR3EExT7Zveoo9OnWDUNAcNGh+r0WDHLHtY
tX0LA8Y3LyQe3Rv/dxG1nQD9UzVvT/cuigkXrRloS01Sc4vDGHlBt03GuqYZ5vHH
QTkiigfopSaNJ3Rf43I1aqei9rAhqLt2hDYUoNIkfn3I2+VBNy2ydqLyVslGnWiH
3jcCaZYYnm3RWiqD5uHt8/rk3I3/UWtiJTvV7q0Bd1aGi8htU1zymLCYPrMpSFzT
iR1xdnavjZaAwVkIzGWIS/k7H8sVYzIiyCNU8GuvW2atBk9bPaOB3X5jKsSRjP3W
+eSMyo3kzEiE6otf5dmr
=T8U4
-----END PGP SIGNATURE-----




More information about the Users mailing list