Hi Volodymyr,
> - what is wrong with make_before_break, why it (according to logs)
> closes and then creates new SA?
That option only affects IKE_SA reauthentication. CHILD_SA rekeying is
different and should always happen overlapping. However, with your
settings, the SA expires pretty much
Hi colleagues,
struggling with the following problem: it seems, that make_before_break
do not process, first closing an existing SA and then negotiating new one:
Responder side logs:
charon-systemd[64387]: closing CHILD_SA pskv2-gagarin-child{17} with SPIs
c9c1dc8e_i (76 bytes) c18d0c57_o (0