[strongSwan] Charon IKEv1 rekeying?
Gerald Richter - ECOS
richter at ecos.de
Fri Mar 1 16:15:11 CET 2013
Hi Martin,
>
> > deleting duplicate IKE_SA for peer 'DC=test, DC=testuml,
> > OU=Zertifikate, CN=ipsec cert' due to uniqueness policy
>
> > If I add "uniqueids = no" to the ipsec.conf, it works, but this was
> > never necessary in the past.
>
> This is indeed an issue: ISAKMP reauthentication does not properly migrate
> children from the replaced to the new SA. This is required when having a
> unique policy. I pushed two changes to [1] fixing this issue.
> Let me know if this works for you.
>
> [1] http://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/ikev1-rekeying
>
The patch works for us. Phase 1 rekeying with policy=unique now works without problems.
Thanks
Gerald