[strongSwan] Strongswan IKEv2 Stack (charon): Are the Tunnels brought automatically down if peer or own Certificate is detected as revoked or expired at runtime.

Sajal Malhotra sajalmalhotra at gmail.com
Fri Nov 14 14:42:18 CET 2014

Hi Martin,

Thanks for your very quick response.
Can you let me know how re-authentication can be enabled? Is this an option
compliant with RFC4306 because I could not find any re-authentication
mechanism there. Or are you referring to RFC 4478?

Also is it supported in strongswan v4.2.8 as well?


On Fri, Nov 14, 2014 at 4:48 PM, Martin Willi <martin at strongswan.org> wrote:

> Hi Sajal,
> > If an IKEv2 tunnel is already established with a peer, then is this tunnel
> > brought down automatically by strongswan
> No, the trust chain is validated during the initial tunnel setup only.
> As reauthentication re-establishes the tunnel (if not disabled), the
> trustchain gets re-evaluated periodically according to your ikelifetime.
> Regards
> Martin