[strongSwan] Question about IKEv2 re-authentication timeout

Dan Cook dan.cook at illum.io
Fri Jul 12 19:23:16 CEST 2013


Greetings,

I have a configuration / runtime question regarding authentication
failures in SS 5.1 (I assume 5.0.4 behaves the same).

What is the default timeout between re-authentication attempts?
Is the timeout configurable in strongswan.conf?  I tried setting the
"close_ike_on_child_failure" to yes in the charon section of
strongswan.conf but that didn't appear to affect the timeout value.

I want to be able to force a re-authentication or have the timeout be
shorter than the default.
Doing a ipsec reload seems to do it, but that seems a little drastic a
solution.

The use case is upon getting a new connection the other side may have
not received credentials yet, but will very shortly.  I would like to
retry more aggressively in a script before declaring failure.

Regards,
Dan Cook




More information about the Users mailing list