[strongSwan] Loss of tunnel service while reauthenticating IKE_SA?

2015-03-12 Thread Ken Nelson
VPN client server running StrongSwan v5.2.2. Both OSes CentOS 6.6. An IKEv2 IPsec tunnel has been up for a couple days with the client initiating a ping, once per minute, of the same host behind the VPN gateway. This is the only application level traffic on the tunnel. Roughly every two

Re: [strongSwan] Loss of tunnel service while reauthenticating IKE_SA?

2015-03-12 Thread Tom Rymes
On 03/12/2015 11:16 AM, Noel Kuntze wrote: Hello Ken, It is dependent on the IKE version. Quote from the man page: reauth = yes | no whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done. In

Re: [strongSwan] Loss of tunnel service while reauthenticating IKE_SA?

2015-03-12 Thread Martin Willi
Hi Tom, Is there a reason that, when using two strongSwan endpoints, one would not choose reauth=no? Yes. Reauthentication re-evaluates authentication credentials, checks the certificate status or rechecks permissions in the AAA backend. IKE_SA rekeying, as used with reauth=no, only refreshes