Hi,
When a CHILD_SA is rekeyed, there is a time when SAD will have two SA
entries corresponding to the CHILD_SA that is rekeyed. In other words
this is the time, when stack has received a correct response to
CREATE_CHILD_SA Request and hence has installed the new SA in SAD,
however it has yet
Hi,
The webpage http://wiki.strongswan.org/wiki/1/KernelModules
states that the following kernel modules are required for strongswan
operation:
Networking ---
Networking options ---
Transformation user configuration interface
PF_KEY sockets
TCP/IP networking
IP: advanced
I've got a host-to-host connection that should be kept alive 24/7.
machine 1:
config setup
plutostart=no # IKEv1
charonstart=yes # IKEv2
nat_traversal=no
# Add connections here.
# Sample VPN connections
conn %default
ikelifetime=60m
Hi,
are you running strongSwan on CentOS or RedHat? There is an issue with
these Linux kernels where IPsec policies get deleted when they are
queried e.g. by ipsec statusall or DPD. I think this kernel bug was
fixed recently by RedHat.
Best regards
Andreas
ServerAlex wrote:
I've got a
