[strongSwan] Charon IKEv1 rekeying?
Noel Kuntze
noel at familie-kuntze.de
Sun Jul 7 13:30:05 CEST 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
That didn't help, sadly. Charon still looses the IKE_SA when
re-authenticating.
Regards,
Noel
Am 07.07.2013 03:32, schrieb Dmitry Korzhevin:
> Hi,
>
> Try use "uniqueids = never"
>
> Noel Kuntze <noel at familie-kuntze.de> написал(а):
>
> Hello,
>
> Is there a solution for this problem? I'm experiencing this myself
> at the moment and am in need of a solution for this problem.
>
> Regards, Noel
>
> Am 09.05.2013 00:43, schrieb Andreas Ntaflos:
>
> On 2013-05-03 10:36, Gerald Richter - ECOS wrote:
>
> Hi,
>
> during the debugging of IKEv1 rekeying I found out that the old
> IKE_SA gets deleted before the new on is fully established.
>
> [...]
>
> So from my point of view the local deletion of the ike_sa needs to
> be delayed after the new ike_sa is fully established.
>
> Any comments?
>
>
> Hi,
>
> I can't comment much except that I believe I am seeing the same
> problem. StrongSwan 5.0.3 with IKEv1 against a Cisco ASA (over
> which I have no control at all).
>
> I tried setting "uniqueids = no" (as per the previous discussions
> on the topic) but that doesn't seem to help much.
>
> In the logs this looks like this with "uniqueids = no":
> http://pastie.org/pastes/7820117/text?key=rdfidtfi8cogiglommtoq
>
> With "uniqueids = yes":
> http://pastie.org/pastes/7820136/text?key=rmcgqev4atibcsjipf5rfw
>
> In both cases I have to do "ipsec up theconnection" to start it
> again.
>
> Andreas
>
>
>
> ------------------------------------------------------------------------
>
>
Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
>
>
> ------------------------------------------------------------------------
>
> Users mailing list Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
>
> -- Sent from my Android phone with K-9 Mail. Please excuse my
> brevity.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJR2VE9AAoJEDg5KY9j7GZYrK4P/AmWfLgIMMXGmpMzzMuSdqxj
79AWEGL+XJ/L0PpnRP5ZshVbkohHD250dPoky9ydFBhIJRTUIsx7ThbqAE/N1hi5
DHn/Z/FEGyKfZz89QxVzk6XOsjEnaOw4xxWopF2TLFOX1QQRketXx1DfMlBVoaYM
1lScYlbr8J1OzjYiChg6zlShAPNpQKmfNhMcsJHgEBUxGj71btgz84c7aXCwXIB7
n42kCtwf/Q26WeVMf0Liu8QYJFGGxXSalvvomtATnF0k5yCE02RzaeFVIcFbjP+Q
afcefAFNhQOUHGZ7JIdK0X2Kj/BpLyDnEHQyww7298iP9eHxiu0MRvh9NiX2oNSj
4q6oxuams4WHT1v4WCVeMx535cS9OnUPfEbuECLbOKUGUNIDcuLZUh/E5otWW1ou
6fzWZ1Wu0ND8gSKdtY4TihKdq9skOvMOBGgvHbWQxVwY9y6FBsnfSSq9JkN7sNmW
IkuKqXoFakF0aT1xjLvqYy4b6UmvLL5BXypdIpwOi8o0j8VfroOQl5YIGJ7UF2aL
vECLfFGwVfZ7X/WsE+Fb0Pi0CJEEiep8xrUZhCBZRAKSqfQDiR92NfxfuubwCbay
LL/jdctpC7PnvH54/D4T9VPvuOtdMTu20/M6/5RtTt2E0TDKdu2K8sBx3CFOvpqi
e7pJ+leXx6ppx1vCie+q
=N33t
-----END PGP SIGNATURE-----
More information about the Users
mailing list