[strongSwan] Multiple ChildSA

Naveen Neelakanta naveen.b.neelakanta at gmail.com
Sat May 5 03:39:30 CEST 2018


Hi

I have a ikev1 session up, however i also see multiple child SA, if leave
the seesion for a log run. Would like to understand on this scenario and
should i take any actions if these scenarios is seen .

sl1childsa: #726, reqid 368, INSTALLED, TUNNEL-in-UDP,
ESP:AES_CBC-128/HMAC_SHA1_96
installed 6854s ago, rekeying in 20343s, expires in 21947s
in 87e44243 (0x00000001), 0 bytes, 0 packets
out 01ba724f (0x00000001), 0 bytes, 0 packets, 118s ago
local 0.0.0.0/0
remote 0.0.0.0/0
sl1childsa: #727, reqid 368, INSTALLED, TUNNEL-in-UDP,
ESP:AES_CBC-128/HMAC_SHA1_96
installed 6853s ago, rekeying in 20334s, expires in 21947s
in ad7acce9 (0x00000001), 0 bytes, 0 packets
out 0602acec (0x00000001), 0 bytes, 0 packets, 118s ago
local 0.0.0.0/0
remote 0.0.0.0/0
sl1childsa: #728, reqid 368, INSTALLED, TUNNEL-in-UDP,
ESP:AES_CBC-128/HMAC_SHA1_96
installed 6853s ago, rekeying in 20261s, expires in 21947s
in 884e04f1 (0x00000001), 504 bytes, 6 packets, 119s ago
out 0a8309e2 (0x00000001), 588 bytes, 7 packets, 118s ago
local 0.0.0.0/0
remote 0.0.0.0/0

I believe in ikev1 there is no rekey , its just reauth.

Regards,
Naveen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180504/bdecdce4/attachment.html>


More information about the Users mailing list