[strongSwan] Ikev2 rekeying failure on EC2 site2site tunnel
Isaac Hollander
isaac.hollander at selerityinc.com
Wed Sep 7 16:14:28 CEST 2016
The ExpiryRekey doc references functionality available in 5.3.x and up.
Running 5.1.2, I can't use make-before-break.
I don't have any data flowing over the tunnel right now, which may be
causing it to drop. I want it to just stay up. Will try adjusting other
parameters, such as dpdaction.
Thanks for the quick response...
Isaac
On Wed, Sep 7, 2016 at 3:31 AM, Tobias Brunner <tobias at strongswan.org>
wrote:
> Hi Isaac,
>
> > Sep 6 17:12:17 ec2vsswp01 charon: 09[IKE] unable to reauthenticate
> > IKE_SA, no CHILD_SA to recreate
>
> Check the log for information why there is no CHILD_SA. Maybe it was
> deleted by the other peer (e.g. due to inactivity). You might want to
> consider using `auto=route` and reading [1] might clarify some things too.
>
> Regards,
> Tobias
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey
>
>
--
Isaac Hollander
Technical Operations Manager
Selerity http://www.seleritycorp.com
Main: (646) 655-0719
Direct: (646) 434-1228
Support queries to support at seleritycorp.com
Get personalized content in your enterprise app using Selerity Context
<http://www.seleritycorp.com/products.html>!
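
Added example, not part of the original thread: one way to act on the suggestion to check the log for why there is no CHILD_SA. It scans charon syslog lines for the reauthentication failure quoted above and reports the CHILD_SA events that preceded it. Only the failure line comes from the thread; the other sample lines, the connection name `site2site` and the message patterns are constructed assumptions about charon's wording.

```python
import re

# Constructed sample in charon's syslog layout. Only the last line is quoted
# from the thread; the established/DELETE/closing lines are assumed wording,
# so adjust the patterns to what your charon version actually logs.
SAMPLE_LOG = """\
Sep 6 16:12:10 ec2vsswp01 charon: 05[IKE] CHILD_SA site2site{1} established with SPIs c1a2b3c4_i c5d6e7f8_o
Sep 6 16:42:31 ec2vsswp01 charon: 07[IKE] received DELETE for ESP CHILD_SA with SPI c5d6e7f8
Sep 6 16:42:31 ec2vsswp01 charon: 07[IKE] closing CHILD_SA site2site{1} with SPIs c1a2b3c4_i (0 bytes) c5d6e7f8_o (0 bytes)
Sep 6 17:12:17 ec2vsswp01 charon: 09[IKE] unable to reauthenticate IKE_SA, no CHILD_SA to recreate
"""

# "<Mon> <day> <hh:mm:ss> <host> charon: <thread>[<group>] <message>"
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ charon: \d+\[\w+\] (?P<msg>.*)$")
FAILURE = "unable to reauthenticate IKE_SA, no CHILD_SA to recreate"
EVENTS = [
    ("peer_delete", re.compile(r"received DELETE for ESP CHILD_SA")),
    ("closed", re.compile(r"closing CHILD_SA \S+")),
    ("established", re.compile(r"CHILD_SA \S+ established")),
]


def triage(log_text):
    """For each reauth failure, return the CHILD_SA events that led up to it."""
    history, findings = [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a charon line
        ts, msg = m["ts"], m["msg"]
        if FAILURE in msg:
            kinds = [kind for kind, _ in history]
            # Start from the most recent "established": what follows it
            # explains why no CHILD_SA was left when reauthentication ran.
            start = 0
            if "established" in kinds:
                start = len(kinds) - 1 - kinds[::-1].index("established")
            findings.append({
                "failed_at": ts,
                "events": history[start:],
                "deleted_by_peer": "peer_delete" in kinds[start:],
            })
            continue
        for kind, pattern in EVENTS:
            if pattern.search(msg):
                history.append((kind, ts))
                break
    return findings
```

A result with `deleted_by_peer` set means the remote side tore the CHILD_SA down before the reauthentication attempt, which is the case Tobias describes.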