Hi, that option should enable using reauthentication of IKE SAs instead of rekeying them as per RFC7296 Section 2.8.3 ( https://tools.ietf.org/html/rfc7296#section-2.8.3.), when libreswan is the initiator of rekeying (that is, reauthentication in this case). And yes, it isn't documented in man pages.
Don't know if that will help you solve your problem. Regards, Vukasin чет, 29. авг 2019. у 15:01 John Crisp <[email protected]> је написао/ла: > Hi, > > My connections from Endian -> Libre drop every week (I think when the > logs rotate and some services restart) > > I has been suggested by Endian (using Strongswan) that apparently I > should set 'reauth' in my Libreswan setup. > > However, I cannot see that as an option in the man page? > > Oddly enough I noticed while messing about that if I add it to the > ipsec.conf file it passes muster with ipsec verify !! > > grep reauth /etc/ipsec.d/ipsec.conf > reauth=yes > > ipsec verify > Verifying installed system and configuration files > > Version check and ipsec on-path [OK] > Libreswan 3.29 (netkey) on 2.6.32-754.18.2.el6.x86_64 > Checking for IPsec support in kernel [OK] > NETKEY: Testing XFRM related proc values > ICMP default/send_redirects [OK] > ICMP default/accept_redirects [OK] > XFRM larval drop [OK] > Pluto ipsec.conf syntax [OK] > Blah.... > > Any suggestions? > > B. Rgds > John > _______________________________________________ > Swan mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan >
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
