[strongSwan] "loosing" Security Associations

John A. Sullivan III jsullivan at opensourcedevel.com
Mon Jul 8 19:28:13 CEST 2013


On Mon, 2013-07-08 at 09:25 +0200, Jozef Kutej wrote:
> On 07/08/2013 12:12 AM, John A. Sullivan III wrote:
> > This looks like exactly the problem we're having and I've not found a
> > solution.  I do not think the problem is the network connection - John
> 
> Since ~5 days we are running with:
> 
>        reauth=no
>        rekey=no
> 
> which solved the instability problems and no SA got lost.
> 
> How secure is ipsec without re-keying? What's the risk?
<snip>

I left a ping running through a GRE tunnel overnight to see if the
problem had anything to do with link stability, and the network
connection is fine, but the IPsec tunnel drops.  We have tried using
reauth=no only and that does not help (nor would we really want to do
it).

Something must be rekeying or the session will cease.  Thus, I assume
you have just turned off rekeying on the one side.  That's a possible
solution and one that one often needs to implement when dealing with
other VPN products, but I would hope we can find out why SWAN is failing
to rekey properly with SWAN! Thanks - John




