[strongSwan] IKEv2 retransmission of Android app

Piotr Soróbka psorobka at gmail.com
Thu Feb 16 10:52:17 CET 2017


Hi Piotr,

> But how can I control this on Android? Is it hardcoded somewhere? If
> yes, can somebody help me and point me to the right direction?

See [1] or [2].


Where is [1] or [2]? :)


> I'm trying to use OTP to authenticate IKEv2. So far, so good, but the
> main issue is to maintain the tunnel as long as possible - I don't want
> to put my OTP every time I loss of coverage occurs.

Why would that cause the IKE_SA to get reestablished?  MOBIKE should
take care of that, that is, there shouldn't be any packets sent and,
therefore, no retransmits while connectivity is down.  And afterwards
the existing SAs should simply get updated via MOBIKE.


But If there is a loss of connection for 5 minutes, then on the server I
see
that:

 lease 10.10.10.2 by 'Foo' went offline

And when the connection is back online, the strongswan client is doing
reauth.

If the retransmision is tweaked on the server side, will it help with that?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170216/99d4c10d/attachment.html>


More information about the Users mailing list