[strongSwan] After a failed CHILD_SA rekey, rekey attempt is being continuously done

m.divya.mohan m.divya.mohan at zoho.com
Thu Apr 24 07:00:36 CEST 2014


Sorry, I did not understand how this could be an issue with Juniper.
Could you please elaborate on this.

When the rekey attempt fails, shouldn't charon delete this SA after a limited number of retries, instead of infinitely trying to rekey?

- Divya 

> Hello,
> That is a known issue and is caused by certain Juniper firmwares returning wrong SPI numbers.
> To work around this issue, disable rekeying (rekey=no) and reauthenticate instead.
> Regards,
> Noel Kuntze

More information about the Users mailing list