[strongSwan] Strongswan IKEv2 Stack (charon): Are the Tunnels brought automatically down if peer or own Certificate is detected as revoked or expired at runtime.
sajalmalhotra at gmail.com
Fri Nov 14 14:42:18 CET 2014
Thanks for your very quick response.
Can you let me know how re-authentication can be enabled? Is this an option
compliant with RFC4306 because i could not find any re-authentication
mechanism there. Or are you referring to RFC 4478?
Also is it supported in strongswan v4.2.8 as well?
On Fri, Nov 14, 2014 at 4:48 PM, Martin Willi <martin at strongswan.org> wrote:
> Hi Sajal,
> > If a IKEv2 tunnel is already established with a peer, then is this tunnel
> > brought down automatically by strongswan
> No, the trust chain is validated during the initial tunnel setup only.
> As reauthentication re-establishes the tunnel (if not disabled), the
> trustchain gets re-evaluated periodically according to your ikelifetime.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users