[strongSwan] Charon IKEv1 rekeying?

Andreas Ntaflos daff at pseudoterminal.org
Thu May 9 00:43:44 CEST 2013

On 2013-05-03 10:36, Gerald Richter - ECOS wrote:
> Hi,
> during the debugging of IKEv1 rekeying I found out that the old
> IKE_SA gets deleted before the new on is fully established.
> So from my point of view the local deletion of the ike_sa needs to be
> delayed after the new ike_sa is fully established.
> Any comments?


I can't comment much except that I believe I am seeing the same problem.
StrongSwan 5.0.3 with IKEv1 against a Cisco ASA (over which I have no
control at all).

I tried setting "uniqueids = no" (as per the previous discussions on the
topic) but that doesn't seem to help much.

In the logs this looks like this with "uniqueids = no":

With "uniqueids = yes":

In both cases I have to do "ipsec up theconnection" to start it again.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130509/715e1b53/attachment.pgp>

More information about the Users mailing list