[strongSwan] Ikev2 rekeying failure on EC2 site2site tunnel
isaac.hollander at selerityinc.com
Wed Sep 7 16:14:28 CEST 2016
The ExpiryRekey doc references functionality available in 5.3.x and up.
Running 5.1.2, I can't use make-before-break.
I don't have any data flowing over the tunnel right now, which may be
causing it to drop. I want it to just stay up. Will try adjusting other
parameters, such as dpdaction.
Thanks for the quick response...
On Wed, Sep 7, 2016 at 3:31 AM, Tobias Brunner <tobias at strongswan.org>
> Hi Isaac,
> > Sep 6 17:12:17 ec2vsswp01 charon: 09[IKE] unable to reauthenticate
> > IKE_SA, no CHILD_SA to recreate
> Check the log for information why there is no CHILD_SA. Maybe it was
> deleted by the other peer (e.g. due to inactivity). You might want to
> consider using `auto=route` and reading  might clarify some things too.
>  https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey
Technical Operations Manager
Main: (646) 655-0719
Direct: (646) 434-1228
Support queries to support at seleritycorp.com
Get personalized content in your enterprise app using Selerity Context
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users