[strongSwan] Traffic selector modification ignored when rekeying SA

Tobias Brunner tobias at strongswan.org
Mon Aug 21 16:04:54 CEST 2017

Previous message: [strongSwan] Traffic selector modification ignored when rekeying SA
Next message: [strongSwan] Traffic selector modification ignored when rekeying SA
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

> So as of today, the only way to update traffic selector list for a given
> connexion with strongswan is to wait for the next reauthentication,
> meaning potential packet drops during the process.

If the remote end's config allows it, you can create a new CHILD_SA with
new TS and remove the old one.

Regard,
Tobias

Previous message: [strongSwan] Traffic selector modification ignored when rekeying SA
Next message: [strongSwan] Traffic selector modification ignored when rekeying SA
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list