[strongSwan] Strongswan IKEv2 Stack (charon): Are the Tunnels brought automatically down if peer or own Certificate is detected as revoked or expired at runtime.

[Martin Willi]

Hi Sajal,

> If a IKEv2 tunnel is already established with a peer, then is this tunnel
> brought down automatically by strongswan

No, the trust chain is validated during the initial tunnel setup only.
As reauthentication re-establishes the tunnel (if not disabled), the
trustchain gets re-evaluated periodically according to your ikelifetime.

Regards
Martin