[strongSwan] Does "reauth=no" apply to IKEv2 connections ONLY?
Rajiv Kulkarni
rajivkulkarni69 at gmail.com
Mon Dec 4 06:18:05 CET 2017
Hi
Although mentioned in the wiki that IKEv1 always does reauthentication when
rekeying IKEv1-SAs...
I still was getting some doubts...Can you please confirm that if i use the
below config for ipsec (using Strongswan 5.5.x)...the use of "reauth=no" in
the "conn default" will apply to all IKEv2 connections AND ONLY to IKEv2
connections
Can you clarify that this option will NOT have any effect on IKEv1
connections
======================
conn %default
ikelifetime=3h
keylife=1h
mobike=no
dpddelay=30s
dpdtimeout=90s
dpdaction=clear
fragmentation=yes
leftsendcert=always
reauth=no
conn tun1_V1
left=172.31.32.201
right=192.168.0.100
...
...
type=tunnel
keyexchange=ikev1
auto=route
conn tun2_V2
left=172.31.32.201
right=172.28.28.102
...
...
type=tunnel
keyexchange=ikev2
auto=route
conn tun3_V2
left=172.31.32.201
right=172.29.1.2
...
...
type=tunnel
keyexchange=ikev2
auto=route
======================
thanks & regards
Rajiv
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171204/aa9004d2/attachment.html>
More information about the Users
mailing list