[strongSwan] Charon IKEv1 rekeying?

Gerald Richter - ECOS richter at ecos.de
Fri Mar 1 16:15:11 CET 2013

Hi Martin,

> > deleting duplicate IKE_SA for peer 'DC=test, DC=testuml,
> > OU=Zertifikate, CN=ipsec cert' due to uniqueness policy
> > If I add " uniqueids = no" to the ipsec.conf, it works, but this was
> > never necessary in the past.
> This is indeed an issue: ISAKMP reauthentication does not properly migrate
> children from the replaced to the new SA. This is required when having a
> unique policy. I pushed two changes to [1] fixing this issue.
> Let me know if this works for you.

The patch work for us. Phase 1 rekeying with policy=unique now works without problems.



More information about the Users mailing list