Hi, I am doing one test scenario where the IP addresses are dynamically configured on the interface. Due to this, what I observe is that reauthentication of IKE is happening due to address change, though the configured IP is not related to any configured policy. Is it possible to disable the reauthentication of IKE due to IP address change? I have also configured "reauth=no" in all the policies to check whether it has any effect, but it seems that it is not taken into effect.
The configuration is as follows:

1) Policy 1 is configured on the eth1 interface (1.1.1.1/24) with reauth=no and ikev2
2) Policy 2 is configured on eth1:1 (virtual IP address 1.1.1.2/24) with reauth=no and ikev2

Now when ipsec is up, the tunnel will be established properly (both IKE SA and child SA). Then I configured another IP address on eth3 (4.4.4.4/24) using the ifconfig command. The configured IP is visible to strongSwan and due to this it goes for the "reauthenticating IKE_SA due to address change". The most strange part is that reauthentication goes only for the virtual IP address configuration (1.1.1.2) but not for the actual IP configured at the interface (eth1, 1.1.1.1).

So I want to know the following information:

1) Does reauth=no have any effect, or am I doing some wrong configuration?
2) Is reauth=no applicable to a single policy or as a whole (if configured on a per-policy basis or in default)?
3) Why is the reauthentication happening for the virtual IP address and not for the actual IP address configured?

Thanks in advance

Regards
Ujjal.
