Hi Eduardo, > We rely on the system time to be correct.
Depends on how strongSwan is built. If your system provides a monotonic time source and compatible pthread_condvars, we use it. This is checked during ./configure, checking for pthread_condattr_setclock(&attr, CLOCK_MONOTONIC) or alternatively for pthread_cond_timedwait_monotonic If such condvars are available, we use always increasing never jumping time source, and system time changes shouldn't affect rekeying or other timed behavior. > after the rekey, Strong Swan deletes the IKE_SA but does not re-try to > create the IKE_SA If you don't have such a condvar, large time shifts may trigger soft and hard timeouts simultaneously, resulting in a hard timeout. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
