[strongSwan] issues with Child SA re-negotiation
Nikhil.Agarwal at freescale.com
Nikhil.Agarwal at freescale.com
Mon Nov 17 11:43:11 CET 2014
HI All,
I am facing an issue with strongswan IKEv2 setup (using version 5.1.1 with Charon daemon).
While re-negotiating child SA, old SAs/Policies are first deleted and then the new SA are created. Due to this issue in the transition time some of the packets are leaked unencrypted to the network.
In IKEv1 this setup works fine. New SAs are first established and the old SAs are timed out.
Please let me know if I am missing some configuration for strongswan required for IKEv2.
P.S. For quick reference ipsec.conf and strongswan.conf are attached.
Regards
Nikhil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20141117/bc1aee37/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: strongswan.conf
Type: application/octet-stream
Size: 435 bytes
Desc: strongswan.conf
URL: <http://lists.strongswan.org/pipermail/users/attachments/20141117/bc1aee37/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.conf
Type: application/octet-stream
Size: 775 bytes
Desc: ipsec.conf
URL: <http://lists.strongswan.org/pipermail/users/attachments/20141117/bc1aee37/attachment-0001.obj>
More information about the Users
mailing list