[strongSwan] Charon IKEv1 rekeying?
Gerald Richter - ECOS
richter at ecos.de
Fri Mar 1 16:15:11 CET 2013
> > deleting duplicate IKE_SA for peer 'DC=test, DC=testuml,
> > OU=Zertifikate, CN=ipsec cert' due to uniqueness policy
> > If I add " uniqueids = no" to the ipsec.conf, it works, but this was
> > never necessary in the past.
> This is indeed an issue: ISAKMP reauthentication does not properly migrate
> children from the replaced to the new SA. This is required when having a
> unique policy. I pushed two changes to  fixing this issue.
> Let me know if this works for you.
The patch work for us. Phase 1 rekeying with policy=unique now works without problems.
More information about the Users