[strongSwan] OSPF == tons of security associations

Hose hose+strongswan at bluemaggottowel.com
Mon Jan 9 19:29:37 CET 2017

What you say...Noel Kuntze (noel at familie-kuntze.de):

> On 05.01.2017 20:31, Hose wrote:
> > So from what I can tell each time it's doing an IKE re-key it's creating an 
> > additional set of SAs. Any idea why this is occurring? 
> Try disabling reauthentication and/or enabling make_before_break (strongswan.conf setting!).

Unfortunately I'm running 5.2.1 (Debian stable package) and it doesn't
look like it's supported until 5.3.0.; I may have to re-visit this some 
other time when I can roll my own. 

More information about the Users mailing list