[strongSwan] Ikev2 rekeying failure on EC2 site2site tunnel

Isaac Hollander isaac.hollander at selerityinc.com
Wed Sep 7 16:14:28 CEST 2016

The ExpiryRekey doc references functionality available in 5.3.x and up.
Running 5.1.2, I can't use make-before-break.

I don't have any data flowing over the tunnel right now, which may be
causing it to drop.  I want it to just stay up.  Will try adjusting other
parameters, such as dpdaction.

Thanks for the quick response...


On Wed, Sep 7, 2016 at 3:31 AM, Tobias Brunner <tobias at strongswan.org>

> Hi Isaac,
> > Sep  6 17:12:17 ec2vsswp01 charon: 09[IKE] unable to reauthenticate
> > IKE_SA, no CHILD_SA to recreate
> Check the log for information why there is no CHILD_SA.  Maybe it was
> deleted by the other peer (e.g. due to inactivity).  You might want to
> consider using `auto=route` and reading [1] might clarify some things too.
> Regards,
> Tobias
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey

Isaac Hollander
Technical Operations Manager
Selerity   http://www.seleritycorp.com
Main: (646) 655-0719
Direct: (646) 434-1228
Support queries to support at seleritycorp.com

Get personalized content in your enterprise app using Selerity Context
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160907/206e598c/attachment.html>

More information about the Users mailing list