[strongSwan] Charon IKEv1 rekeying?

Noel Kuntze noel at familie-kuntze.de
Sun Jul 7 13:30:05 CEST 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

That didn't help, sadly. Charon still looses the IKE_SA when
re-authenticating.

Regards,
Noel

Am 07.07.2013 03:32, schrieb Dmitry Korzhevin:
> Hi,
> 
> Try use "uniqueids = never"
> 
> Noel Kuntze <noel at familie-kuntze.de> написал(а):
> 
> Hello,
> 
> Is there a solution for this problem? I'm experiencing this myself
> at the moment and am in need of a solution for this problem.
> 
> Regards, Noel
> 
> Am 09.05.2013 00:43, schrieb Andreas Ntaflos:
> 
> On 2013-05-03 10:36, Gerald Richter - ECOS wrote:
> 
> Hi,
> 
> during the debugging of IKEv1 rekeying I found out that the old 
> IKE_SA gets deleted before the new on is fully established.
> 
> [...]
> 
> So from my point of view the local deletion of the ike_sa needs to
> be delayed after the new ike_sa is fully established.
> 
> Any comments?
> 
> 
> Hi,
> 
> I can't comment much except that I believe I am seeing the same 
> problem. StrongSwan 5.0.3 with IKEv1 against a Cisco ASA (over 
> which I have no control at all).
> 
> I tried setting "uniqueids = no" (as per the previous discussions 
> on the topic) but that doesn't seem to help much.
> 
> In the logs this looks like this with "uniqueids = no": 
> http://pastie.org/pastes/7820117/text?key=rdfidtfi8cogiglommtoq
> 
> With "uniqueids = yes": 
> http://pastie.org/pastes/7820136/text?key=rmcgqev4atibcsjipf5rfw
> 
> In both cases I have to do "ipsec up theconnection" to start it 
> again.
> 
> Andreas
> 
> 
> 
> ------------------------------------------------------------------------
>
> 
Users mailing list
> Users at lists.strongswan.org 
> https://lists.strongswan.org/mailman/listinfo/users
> 
> 
> 
> ------------------------------------------------------------------------
>
>  Users mailing list Users at lists.strongswan.org 
> https://lists.strongswan.org/mailman/listinfo/users
> 
> 
> -- Sent from my Android phone with K-9 Mail. Please excuse my
> brevity.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJR2VE9AAoJEDg5KY9j7GZYrK4P/AmWfLgIMMXGmpMzzMuSdqxj
79AWEGL+XJ/L0PpnRP5ZshVbkohHD250dPoky9ydFBhIJRTUIsx7ThbqAE/N1hi5
DHn/Z/FEGyKfZz89QxVzk6XOsjEnaOw4xxWopF2TLFOX1QQRketXx1DfMlBVoaYM
1lScYlbr8J1OzjYiChg6zlShAPNpQKmfNhMcsJHgEBUxGj71btgz84c7aXCwXIB7
n42kCtwf/Q26WeVMf0Liu8QYJFGGxXSalvvomtATnF0k5yCE02RzaeFVIcFbjP+Q
afcefAFNhQOUHGZ7JIdK0X2Kj/BpLyDnEHQyww7298iP9eHxiu0MRvh9NiX2oNSj
4q6oxuams4WHT1v4WCVeMx535cS9OnUPfEbuECLbOKUGUNIDcuLZUh/E5otWW1ou
6fzWZ1Wu0ND8gSKdtY4TihKdq9skOvMOBGgvHbWQxVwY9y6FBsnfSSq9JkN7sNmW
IkuKqXoFakF0aT1xjLvqYy4b6UmvLL5BXypdIpwOi8o0j8VfroOQl5YIGJ7UF2aL
vECLfFGwVfZ7X/WsE+Fb0Pi0CJEEiep8xrUZhCBZRAKSqfQDiR92NfxfuubwCbay
LL/jdctpC7PnvH54/D4T9VPvuOtdMTu20/M6/5RtTt2E0TDKdu2K8sBx3CFOvpqi
e7pJ+leXx6ppx1vCie+q
=N33t
-----END PGP SIGNATURE-----




More information about the Users mailing list