[strongSwan] Packets dropped during CHILD SA rekeying
martin at strongswan.org
Wed Apr 29 10:02:21 CEST 2015
> It seems to be related to: https://wiki.strongswan.org/issues/839#note-1
It is, and as discussed in that ticket, is a consequence of the
pair-wise (un-)installation of SAs.
To properly fix this issue, we would have to defer outbound SA
installation/activation as exchange responder to the DELETE message
processing. This requires some non-trivial changes to the CHILD_SA API,
though, and complicates collision handling etc.
More information about the Users