Looking at the logs, it looks that all CHILD_SA attached to the IKE_SA
are rekeyed and removed with Delete Payload, but the IKE_SA does not
seems to be deleted with Delete Payloads. On the other hand ipsec
statusall does not shows the old IKE_SA.
If strongswan does not support an IKE_SA REKEY, I would like to know if
there are any reasons for that, or if it just not yet implemented.
BR,
Daniel
On 07/25/2013 07:40 PM, Daniel Palomares wrote:
Hello all,
I was just wondering to know if strongswan can perform rekey for ONLY
IKE_SAs and not IPsec SAs.
Whether the response is yes or no:
Does strongSwan keep the old IKE_SA keying material during REKEY (for
only IKE_SA or both IKE_SA and IPsec_SA) ?
Thanks guys
Daniel
_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
