[strongSwan] Ikev2 rekeying failure on EC2 site2site tunnel
isaac.hollander at selerityinc.com
Mon Sep 12 23:27:52 CEST 2016
We ended up building 5.3.5 natively on Trusty and make-before-break works
Thanks for the help!
On Wed, Sep 7, 2016 at 10:14 AM, Isaac Hollander <
isaac.hollander at selerityinc.com> wrote:
> The ExpiryRekey doc references functionality available in 5.3.x and up.
> Running 5.1.2, I can't use make-before-break.
> I don't have any data flowing over the tunnel right now, which may be
> causing it to drop. I want it to just stay up. Will try adjusting other
> parameters, such as dpdaction.
> Thanks for the quick response...
> On Wed, Sep 7, 2016 at 3:31 AM, Tobias Brunner <tobias at strongswan.org>
>> Hi Isaac,
>> > Sep 6 17:12:17 ec2vsswp01 charon: 09[IKE] unable to reauthenticate
>> > IKE_SA, no CHILD_SA to recreate
>> Check the log for information why there is no CHILD_SA. Maybe it was
>> deleted by the other peer (e.g. due to inactivity). You might want to
>> consider using `auto=route` and reading  might clarify some things too.
>>  https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey
> Isaac Hollander
> Technical Operations Manager
> Selerity http://www.seleritycorp.com
> Main: (646) 655-0719
> Direct: (646) 434-1228
> Support queries to support at seleritycorp.com
> Get personalized content in your enterprise app using Selerity Context
Technical Operations Manager
Main: (646) 655-0719
Direct: (646) 434-1228
Support queries to support at seleritycorp.com
Get personalized content in your enterprise app using Selerity Context
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users