[strongSwan] After a failed CHILD_SA rekey, rekey attempt is being continuously done

m.divya.mohan m.divya.mohan at zoho.com
Fri Apr 25 12:30:26 CEST 2014


Could you please help regarding this.

- Divya

---- On Wed, 23 Apr 2014 22:00:36 -0700 m.divya.mohan  wrote ---- 

>Sorry, I did not understand how this could be an issue with Juniper.
>Could you please elaborate on this.
>When the rekey attempt fails, shouldn't charon delete this SA after a limited number of retries, instead of infinitely trying to rekey?
>- Divya 
>> Hello,
>> That is a known issue and is caused by certain Juniper firmwares returning wrong SPI numbers.
>> To work around this issue, disable rekeying (rekey=no) and reauthenticate instead.
>> Regards,
>> Noel Kuntze

More information about the Users mailing list