[strongSwan] issues with Child SA re-negotiation

Martin Willi martin at strongswan.org
Tue Nov 18 10:27:35 CET 2014

> Does IKEv1 re-authentication support make-before-break mechanism?

IKEv1 does not re-negotiate the Quick Modes during re-authentication,
but the existing Quick Modes are still valid after removing the old
ISAKMP-SA. In strongSwan we migrate the Quick Modes to the new ISAKMP-SA
if re-authentication is detected; so yes, connectivity stays up during
IKEv1 re-authentication.


More information about the Users mailing list