Hi,
> So why is strongSwan always using PFS for IKE_SA rekeying?
It was optional in RFC4306, but recommended to use. In IKEv2bis it is
not optional anymore, the KE payload is required (see [1]).
> Can I disable that in some way?
No, strongSwan does not support IKE_SA rekeying without DH exchang
Thanks Andreas.
That helped.
Please clarify one more doubt for me.
In the ipsec.conf man page, under the "*pfs*" section, it is written that
"*IKEv2 always uses PFS for IKE_SA rekeying*".
But in the RFC, the KE payload is still optional even in IKESA rekeying.
So why strongswan is always using PFS fo
You can disable re-authentication and replace it by IKE_SA rekeying
by adding the line

    reauth=no

to your connection definition in ipsec.conf.
Regards
Andreas
Balaji J wrote:
> Hi ppl,
>
> Is there any way to configure strongswan for disabling the repeated
> authentication notify payload(rfc4
Hi ppl,
Is there any way to configure strongSwan for disabling the repeated
authentication notify payload (rfc4478) it sends with the IKE_AUTH reply?
Basically, I want to disable the repeated authentication in strongSwan. Is
it possible?
Thanks in advance.
Regards,
...Balaji.J