[strongSwan] Ikev2 rekeying failure on EC2 site2site tunnel

Tobias Brunner tobias at strongswan.org
Wed Sep 7 09:31:43 CEST 2016

Hi Isaac,

> Sep  6 17:12:17 ec2vsswp01 charon: 09[IKE] unable to reauthenticate
> IKE_SA, no CHILD_SA to recreate

Check the log for information why there is no CHILD_SA.  Maybe it was
deleted by the other peer (e.g. due to inactivity).  You might want to
consider using `auto=route` and reading [1] might clarify some things too.


[1] https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey

More information about the Users mailing list