[strongSwan] Traffic selector modification ignored when rekeying SA
Mike Taylor
mtaylor at unicoi.com
Thu Jul 13 18:05:02 CEST 2017
Hello, I happened to be working to upgrade an existing IKEv2 to RFC7296 and
one of the things I noticed in RFC7296 came to mind when seeing this thread.
>From RFC7296 Section 1.7
In Section 2.8, "Note that, when rekeying, the new Child SA MAY have
different Traffic Selectors and algorithms than the old one" was
changed to "Note that, when rekeying, the new Child SA SHOULD NOT
have different Traffic Selectors and algorithms than the old one".
So the behavior of changing the traffic selectors during rekey is discouraged
although not completely forbidden.
Regards,
Mike
-----Original Message-----
From: Users [mailto:users-bounces at lists.strongswan.org] On Behalf Of Tobias Brunner
Sent: Thursday, July 13, 2017 8:58 AM
To: Sarefrech; users at lists.strongswan.org
Subject: Re: [strongSwan] Traffic selector modification ignored when rekeying SA
Hi,
> Is there a way to force TS modification at rekeying time ?
No.
Regards,
Tobias
More information about the Users
mailing list