I set the IKE rekey time as follows:
conn %default
    ikelifetime=6m
    keylife=3m
    rekeymargin=1m
    keyingtries=2
    rekeyfuzz=0%
But I found that the messages are always like the following, which
causes data transfer to stop:
1. INFORMATIONAL (deleting IKE_SA)
2. INFORMATIONAL (deleting IKE_SA confirm)
At this time the IPsec tunnel is destroyed.
3. IKE_SA_INIT
4. IKE_SA_INIT
5. IKE_AUTH
6. IKE_AUTH
The new IPsec tunnel is set up.
I think the right sequence of messages should be like the
following (defined by RFC 4306, section 2.8, Rekeying); then the data
transfer will not stop.
1. IKE_SA_INIT
2. IKE_SA_INIT
3. IKE_AUTH
4. IKE_AUTH
5. INFORMATIONAL (deleting IKE_SA)
6. INFORMATIONAL (deleting IKE_SA confirm)
Can anyone help me?