[strongSwan] Charon IKEv1 rekeying?

Dmitry Korzhevin dmitry.korzhevin at stidia.com
Sun Jul 7 03:32:59 CEST 2013


Try use "uniqueids = never"

Noel Kuntze <noel at familie-kuntze.de> написал(а):

>Hash: SHA1
>Is there a solution for this problem? I'm experiencing this myself at
>the moment and am in need of a solution for this problem.
>Am 09.05.2013 00:43, schrieb Andreas Ntaflos:
>> On 2013-05-03 10:36, Gerald Richter - ECOS wrote:
>>> Hi,
>>> during the debugging of IKEv1 rekeying I found out that the old 
>>> IKE_SA gets deleted before the new on is fully established.
>> [...]
>>> So from my point of view the local deletion of the ike_sa needs
>>> to be delayed after the new ike_sa is fully established.
>>> Any comments?
>> Hi,
>> I can't comment much except that I believe I am seeing the same
>> problem. StrongSwan 5.0.3 with IKEv1 against a Cisco ASA (over
>> which I have no control at all).
>> I tried setting "uniqueids = no" (as per the previous discussions
>> on the topic) but that doesn't seem to help much.
>> In the logs this looks like this with "uniqueids = no": 
>> http://pastie.org/pastes/7820117/text?key=rdfidtfi8cogiglommtoq
>> With "uniqueids = yes": 
>> http://pastie.org/pastes/7820136/text?key=rmcgqev4atibcsjipf5rfw
>> In both cases I have to do "ipsec up theconnection" to start it
>> again.
>> Andreas
>> _______________________________________________ Users mailing list 
>> Users at lists.strongswan.org 
>> https://lists.strongswan.org/mailman/listinfo/users
>Version: GnuPG v2.0.20 (GNU/Linux)
>Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>Users mailing list
>Users at lists.strongswan.org

Sent from my Android phone with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130707/1d317c76/attachment.html>

More information about the Users mailing list