[strongSwan] Charon IKEv1 rekeying?

Dmitry Korzhevin dmitry.korzhevin at stidia.com
Sun Jul 7 03:32:59 CEST 2013


Hi,

Try using "uniqueids = never"

Noel Kuntze <noel at familie-kuntze.de> wrote:

>Hello,
>
>Is there a solution for this problem? I'm experiencing this myself at
>the moment and am in need of a solution for this problem.
>
>Regards,
>Noel
>
>On 09.05.2013 00:43, Andreas Ntaflos wrote:
>> On 2013-05-03 10:36, Gerald Richter - ECOS wrote:
>>> Hi,
>>> 
>>> during the debugging of IKEv1 rekeying I found out that the old 
>>> IKE_SA gets deleted before the new one is fully established.
>> [...]
>>> So from my point of view the local deletion of the ike_sa needs
>>> to be delayed after the new ike_sa is fully established.
>>> 
>>> Any comments?
>> 
>> Hi,
>> 
>> I can't comment much except that I believe I am seeing the same
>> problem. StrongSwan 5.0.3 with IKEv1 against a Cisco ASA (over
>> which I have no control at all).
>> 
>> I tried setting "uniqueids = no" (as per the previous discussions
>> on the topic) but that doesn't seem to help much.
>> 
>> In the logs this looks like this with "uniqueids = no": 
>> http://pastie.org/pastes/7820117/text?key=rdfidtfi8cogiglommtoq
>> 
>> With "uniqueids = yes": 
>> http://pastie.org/pastes/7820136/text?key=rmcgqev4atibcsjipf5rfw
>> 
>> In both cases I have to do "ipsec up theconnection" to start it
>> again.
>> 
>> Andreas
