[strongSwan] issues with Child SA re-negotiation

Nikhil.Agarwal at freescale.com Nikhil.Agarwal at freescale.com
Tue Nov 18 07:07:10 CET 2014


Hi All,

I am facing an issue with a strongSwan IKEv2 setup (using version 5.1.1 with the charon daemon).

While re-negotiating a child SA, the old SAs/policies are first deleted and then the new SAs are created. Due to this issue, during the transition time some of the packets are leaked unencrypted to the network.

In IKEv1 this setup works fine. New SAs are first established and the old SAs are timed out.

Please let me know if I am missing some configuration for strongSwan that is required for IKEv2.

P.S. For quick reference, ipsec.conf and strongswan.conf are attached.

Regards
Nikhil

-------------- next part --------------
A non-text attachment was scrubbed...
Name: strongswan.conf
Type: application/octet-stream
Size: 435 bytes
Desc: strongswan.conf
URL: <http://lists.strongswan.org/pipermail/users/attachments/20141118/6994ea98/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.conf
Type: application/octet-stream
Size: 775 bytes
Desc: ipsec.conf
URL: <http://lists.strongswan.org/pipermail/users/attachments/20141118/6994ea98/attachment-0001.obj>

