Hi Kumuda, > We observe that, when ike sa life time expires, initiator triggers > INFORMATION exchange with remote node (by sending DELETE payload for > current SA). But RFC says CREATE_CHILD_SA request is used to initiate > rekeying IKE SA.
By default, strongSwan does a complete IKE_SA re-authentication if the lifetime expires. You can change this behavior to use IKE_SA rekeying instead by setting reauth=no in your connection. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
