Hi, I'm testing strongSwan against racoon for an upgrade path. But it seems the IKEv1 IKE_SA rekeying fails. What happens is: 1) racoon rekeys phase1 2) strongSwan accepts, and queues adopt_children_job 3) adopt_children_job moves all childs to the new IKE_SA just fine, but then it unconditionally terminates the old IKE_SAs. even if my config has "unique=no" for the peer. apparently it's bug in adpot_children_job::execute? 4) racoon keeps DPDing the old IKE_SA which got deleted on swan side (probably racoon bug that delete notification is not handled right) 5) racoon DPD says the peer is dead, and kills all SAs 6) connection lost until everything restarted from start
Would it be possible to fix adopt_children_job to honor "unique=no" and not delete the old IKE_SAs? Thanks, Timo _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
