[strongSwan] packet loss during inline rekey

Nalla, Pradeep Pradeep.Nalla at cavium.com
Fri Oct 21 09:29:40 CEST 2016


Query regarding packet loss during rekey. I was using reauth=no for inline rekeying. After soft expiry, new CHILD_SA is negotiated, established and followed by the policy update on both the gateways.

When does the old CHILD_SA gets deleted?. For my case it is deleted right after new SA establishment via INFORMATIONAL[D] requests messages exchanged between the gateways. How to have enough time between the new SA addition and old SA deletion.

There is a brief packet loss at the rekey initiator due to not finding inbound SA (It has encountered the packets encrypted using old CHILD_SA). Is this loss expected? If not how can this be avoided?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20161021/d8a82989/attachment.html>

More information about the Users mailing list