Thanks Andreas.
That helped.
Please clarify one more doubt for me.
In the ipsec.conf MAN page, under the *pfs* section, it is written that,
*IKEv2 always uses PFS for IKE_SA rekeying*.
But in the RFC, the KE payload is still optional even in IKE_SA rekeying.
So why is strongswan always using PFS for
Hi,
So why is strongswan always using PFS for ike_sa rekeying?
It was optional in RFC4306, but recommended to use. In IKEv2bis it is
not optional anymore, the KE payload is required (see [1]).
Can I disable that in some way?
No, strongSwan does not support IKE_SA rekeying without DH
You can disable re-authentication and replace it by IKE_SA rekeying
by adding the line
reauth=no
to your connection definition in ipsec.conf.
Regards
Andreas
Balaji J wrote:
Hi ppl,
Is there any way to configure strongswan for disabling the repeated
authentication notify