[strongSwan] Behavior on receiving NO_ADDITIONAL_SAS

[Martin Willi]

Hi,

> But I think we are violating the following RFC clause here right ?

> failed attempt to create a Child SA SHOULD NOT tear down the IKE SA:
> there is no reason to lose the work done to set up the IKE SA.

I don't think so. This statement is in the section of creating
CHILD_SAs, not rekeying them. Further, it is a SHOULD NOT, not a MUST
NOT requirement.

Regards
Martin