[strongSwan] Charon IKEv1 rekeying?
Andreas Ntaflos
daff at pseudoterminal.org
Thu May 9 00:43:44 CEST 2013
On 2013-05-03 10:36, Gerald Richter - ECOS wrote:
> Hi,
>
> during the debugging of IKEv1 rekeying I found out that the old
> IKE_SA gets deleted before the new one is fully established.
[...]
> So from my point of view the local deletion of the ike_sa needs to be
> delayed after the new ike_sa is fully established.
>
> Any comments?
Hi,

I can't comment much except that I believe I am seeing the same problem.
StrongSwan 5.0.3 with IKEv1 against a Cisco ASA (over which I have no
control at all).

I tried setting "uniqueids = no" (as per the previous discussions on the
topic) but that doesn't seem to help much.

In the logs this looks like this with "uniqueids = no":
http://pastie.org/pastes/7820117/text?key=rdfidtfi8cogiglommtoq

With "uniqueids = yes":
http://pastie.org/pastes/7820136/text?key=rmcgqev4atibcsjipf5rfw

In both cases I have to do "ipsec up theconnection" to start it again.

Andreas