[strongSwan] Issue with load setup of strongswan

[sunny kumar]

Hi All,

I am using LOAD setup of strongswan as client for EAP_AKA scenario and
getting a couple of issues.

1. I am able to get the call established. But the problem is child SA rekey
is not getting started (i cannot see CREATE_CHILD_SA messages going out)
from strongswan on the other hand IKE SA rekey is working fine.

2. When i am initiating ping with newly assigned virtual IP then ESP
packets are not going out.


strongswan.conf that i am using :
charon {
        filelog {
        /var/log/charon.log {
        ike_name = yes
        default = 4
        }
        }
        reuse_ikesa = no
        plugins {
        load-tester {
                load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce
x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf
eap-identity eap-aka eap-aka-3gpp2 updown
                enable = yes
                initiators = 1
                iterations = 1
                delay =
                fake_kernel = yes
                responder = 172.19.21.249
                proposal = aes128-sha1-modp1024
                initiator_auth = eap
                responder_auth = pubkey
                initiator_id = carol at strongswan.org
                responder_id = moon.strongswan.org
                proposal = aes128-sha1-modp1024
                request_virtual_ip = yes
                ike_rekey = 50
                child_rekey = 30
                delete_after_establishment = no
                shutdown_when_complete = no
                }
        }
        #integrity_test = yes
}


Can anyone suggest me solution for above issues.
Thanks in advance.

Regards,
Sunny
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160205/6446fa37/attachment.html>