[strongSwan] Strongswan IKEv2 Stack (charon): Are the Tunnels brought automatically down if peer or own Certificate is detected as revoked or expired at runtime.

Martin Willi martin at strongswan.org
Fri Nov 14 12:18:45 CET 2014

Hi Sajal,

> If a IKEv2 tunnel is already established with a peer, then is this tunnel
> brought down automatically by strongswan

No, the trust chain is validated during the initial tunnel setup only.
As reauthentication re-establishes the tunnel (if not disabled), the
trustchain gets re-evaluated periodically according to your ikelifetime.


More information about the Users mailing list