[strongSwan] Multiple Child_SAs are causing traffic drop

Martin Willi martin at strongswan.org
Tue Oct 1 10:12:34 CEST 2013

> From the Charon log (vpn-57-122.log) I see that the SPI the Checkpoint
> is using (line 598) has been established later than the one used by
> strongswan (line 523), so I would assume that strongswan uses the
> older SPI.

I don't agree. The CHILD_SA {404} was established at line 119 along with
IKE_AUTH initiated by charon, line 589 shows just (one of two) rekeyings
of the same CHILD_SA established earlier. {458} gets established by
Checkpoint on line 291, and gets rekeyed at line 523.

Probably Checkpoint uses the "last SA rekeyed", while strongSwan uses
the "last SA established".

