[strongSwan] Charon IKEv1 rekeying?
daff at pseudoterminal.org
Thu May 9 00:43:44 CEST 2013
On 2013-05-03 10:36, Gerald Richter - ECOS wrote:
> during the debugging of IKEv1 rekeying I found out that the old
> IKE_SA gets deleted before the new on is fully established.
> So from my point of view the local deletion of the ike_sa needs to be
> delayed after the new ike_sa is fully established.
> Any comments?
I can't comment much except that I believe I am seeing the same problem.
StrongSwan 5.0.3 with IKEv1 against a Cisco ASA (over which I have no
control at all).
I tried setting "uniqueids = no" (as per the previous discussions on the
topic) but that doesn't seem to help much.
In the logs this looks like this with "uniqueids = no":
With "uniqueids = yes":
In both cases I have to do "ipsec up theconnection" to start it again.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 261 bytes
Desc: OpenPGP digital signature
More information about the Users