[strongSwan] Traffic selector modification ignored when rekeying SA

Tobias Brunner tobias at strongswan.org
Mon Aug 21 16:04:54 CEST 2017


> So as of today, the only way to update traffic selector list for a given
> connexion with strongswan is to wait for the next reauthentication,
> meaning potential packet drops during the process.

If the remote end's config allows it, you can create a new CHILD_SA with
new TS and remove the old one.


More information about the Users mailing list