Hi, Thanks for your reply.
With your help now I am able to create IKE SA and CHILD SA but there is a problem with updation & rekeying of IKE SA:- 1. I am trying to change a/all parameter (for e.g:- rekeytime, encryption algo, integrity algo, DH group parameter) in ipsec.conf so that when I do "ipsec update" the ike established should apply the new parameters at the time of rekeying but what i am seeing that this is not happening? the IKE SA is still using the old config parameters even after rekeying. 2. Also, IKE SA is not getting rekeyed only its CHILD SA is getting rekeyed.the status for IKE SA says that rekey is disabled for it? So, how do I enable rekey of the IKE SA and also how do I apply any change in a parameter of ipsec.conf to IKE SA without bringing the IKE SA down? Here's my ipsec.conf files for the two peers: Peer_1:- # ipsec.conf - strongSwan IPsec configuration file config setup plutostart=no strictcrlpolicy=no conn %default ikelifetime=3m keyexchange=ikev2 keyingtries=1 keylife=2m reauth=no mobike=no rekeymargin=2m ike=aes128-sha1-modp2048! esp=aes256-sha1-modp2048! conn carol authby=psk left=10.118.209.204 right=10.3.5.218 leftid=10.0.3.1 rightid=10.0.3.3 auto=add Peer_2:- # ipsec.conf - strongSwan IPsec configuration file config setup plutostart=no strictcrlpolicy=no conn %default ikelifetime=3m keyexchange=ikev2 keyingtries=1 keylife=3m reauth=no mobike=no rekeymargin=2m ike=aes128-sha1-modp2048! esp=aes128-sha1-modp2048! conn carol authby=psk left=10.3.5.218 right=10.118.209.204 rightid=10.0.3.1 leftid=10.0.3.3 auto=add Please help me. Thanks for your help in advance. Regards, Vivek _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users