[strongSwan] make before break and default activation

Emeric POUPON emeric.poupon at stormshield.eu
Mon Jul 24 12:18:56 CEST 2017


> Hi Emeric,
>>>> To be more specific:
>>>> - what happens exactly if it is enabled only on one side?
>>> It only has an effect on the peer that initiates the reauthentication.
>>> Enabling it on a host that's always responder has no effect at all.
>> What happens on strongSwan>=5.3.0 if the peer that has the make-before-break
>> option set initiates the reauthentication first?
> I don't understand the question.

Two peers try to renegotiate an IKE SA; they both use strongSwan >=5.3.0.
The first peer has the make-before-break authentication enabled.
The second peer does not have the make-before-break authentication enabled.

What happens if the first peer initiates first?


