[strongSwan] IKE Rekey is not working with no reauth
ashok kj
ashok_asij at yahoo.com
Mon May 26 17:11:53 CEST 2014
Hi,
I am using StrongSwan version 5.1.1 with the following configuration.
Here I have clearly mentioned only rekey should happen at IKE/IPSec
lifetime expiry. IPSec lifetime expiry works as expected but when it
comes to IKE lifetime expiry I could see task activity as IKE_REKEY
and task queued as IKE_DELETE. After which IKE tunnel gets deleted.
Please see the ipsec.conf used
# ipsec.conf - strongSwan IPsec configuration file
config setup
charondebug="ike 0, chd 2, cfg 2, net 3, enc 2, lib 2, mgr 2, knl 2 dmn -1"
conn home
left=10.206.1.113
leftid=00A0C6EB636E at picasso.com
leftauth=eap-md5
leftsourceip=%config
leftfirewall=yes
ike=3des-sha1-prfsha1-modp1024
esp=aes128-sha1
right=10.201.50.1
rightsubnet=0.0.0.0/0
rightid=picasso.com
rightauth=psk
auto=add
dpdtimeout=200s
dpdaction=clear
ikelifetime=3600
lifetime=36000
reauth=no
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
Am I missing anything here so that IKE goes without re-authentication and only rekey should happen?
Regards
Ashok
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140526/ec6b23cb/attachment-0001.html>
More information about the Users
mailing list