[strongSwan] make before break and default activation
Emeric POUPON
emeric.poupon at stormshield.eu
Mon Jul 24 12:18:56 CEST 2017
Hi,
> Hi Emeric,
>
>>>> To be more specific:
>>>> - what happens exactly if it is enabled only on one side?
>>>
>>> It only has an effect on the peer that initiates the reauthentication.
>>> Enabling it on a host that's always responder has no effect at all.
>>
>> What happens on strongSwan>=5.3.0 if the peer that has the make-before-break
>> option set initiates the reauthentication first?
>
> I don't understand the question.
Two peers try to renegotiate an IKE SA, they both use strongSwan >=5.3.0
The first peer has the make-before-break authentication enabled
The second peer does not have the make-before-break authentication enabled
What happens if the first peer initiates first?
Regards,
Emeric
More information about the Users
mailing list