[strongSwan] Ikev2 rekeying failure on EC2 site2site tunnel

[Isaac Hollander]

Hi, everyone.

We ended up building 5.3.5 natively on Trusty and make-before-break works
as advertised.

Thanks for the help!

Isaac


On Wed, Sep 7, 2016 at 10:14 AM, Isaac Hollander <
isaac.hollander at selerityinc.com> wrote:

> The ExpiryRekey doc references functionality available in 5.3.x and up.
> Running 5.1.2, I can't use make-before-break.
>
> I don't have any data flowing over the tunnel right now, which may be
> causing it to drop.  I want it to just stay up.  Will try adjusting other
> parameters, such as dpdaction.
>
> Thanks for the quick response...
>
> Isaac
>
> On Wed, Sep 7, 2016 at 3:31 AM, Tobias Brunner <tobias at strongswan.org>
> wrote:
>
>> Hi Isaac,
>>
>> > Sep  6 17:12:17 ec2vsswp01 charon: 09[IKE] unable to reauthenticate
>> > IKE_SA, no CHILD_SA to recreate
>>
>> Check the log for information why there is no CHILD_SA.  Maybe it was
>> deleted by the other peer (e.g. due to inactivity).  You might want to
>> consider using `auto=route` and reading [1] might clarify some things too.
>>
>> Regards,
>> Tobias
>>
>> [1] https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey
>>
>>
>
>
> --
> Isaac Hollander
> Technical Operations Manager
> Selerity   http://www.seleritycorp.com
> Main: (646) 655-0719
> Direct: (646) 434-1228
> Support queries to support at seleritycorp.com
>
> Get personalized content in your enterprise app using Selerity Context
> <http://www.seleritycorp.com/products.html>!
>



-- 
Isaac Hollander
Technical Operations Manager
Selerity   http://www.seleritycorp.com
Main: (646) 655-0719
Direct: (646) 434-1228
Support queries to support at seleritycorp.com

Get personalized content in your enterprise app using Selerity Context
<http://www.seleritycorp.com/products.html>!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160912/c1f2bdcd/attachment.html>