[strongSwan] Behavior on receiving NO_ADDITIONAL_SAS

Martin Willi martin at strongswan.org
Fri Mar 1 09:13:39 CET 2013


> But I think we are violating the following RFC clause here right ?

> failed attempt to create a Child SA SHOULD NOT tear down the IKE SA:
> there is no reason to lose the work done to set up the IKE SA.

I don't think so. This statement is in the section of creating
CHILD_SAs, not rekeying them. Further, it is a SHOULD NOT, not a MUST
NOT requirement.


More information about the Users mailing list