Hello Eduardo, what do you expect? We rely on the system time to be correct. Any huge resets in the actual time will of course affect the correct functioning of the rekeying process.
Best regards Andreas On 03/10/2011 05:13 PM, Eduardo Torres wrote: > Hi, > > I'm seeing the following issue using Strong Swan the scenario is a > follows (test done yesterday March 9). > > - ipsec is started using charon daemon (IKEV2) (date at this moment is > Jan 1 1970) rekey set to yes ikelifetime and ipseclifetime set to 28800 > - Strong Swan creates the connections (date still is Jan 1 1970) > - ran ipsec statusall the connections were created a this point. > - few seconds passed > - date get synced to March 9, this triggers Strong Swan to start a rekey > - after the rekey, Strong Swan deletes the IKE_SA but does not re-try to > create the IKE_SA > - When running ipsec statusall command shows SA as none (never recovers) > > For this scenario I was expecting that Strong Swan try to recover for > this scenario. > > I just want to know if this issue is a known issue, if yes could you pls > provide where exactly the fix was made. > > Thanks in advance > Eduardo Torres ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
