[strongSwan] internal_address_failure after dpd tiemout
ikev2testing at gmail.com
Wed Jul 2 17:23:29 CEST 2014
I'm having issues with some responders when my initiator tries to establish
a new sa after a dpd timeout.
Responder rejects connection with an internal_address_failure due to
initiator is sending the last assigned inner ip as internal_ip4_address
attribute in ike_auth configuration payload.
Initiator has this relevant configuration:
close_ike_on_child_failure = yes
When I restart ipsec, connection can be established succesfully as
initiator sends this attribute empty.
Should initiatior act in this way when it tries to create a new sa after
dpd timeout? If yes, can this behaviour be modified?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users