On Mon, Sep 17, 2012 at 6:51 PM, Richard Andrews <[email protected]> wrote:
> If you have the default of reauth=yes then the IKE SA must be completely
> shut down (and all child SAs) while IKE is restarted. This leads to a
> short period where no child SAs are able to carry traffic.
>
> I suggest you try the same test with ikelifetime=10min (lifetime=30s) and
> verify this is the issue.
>
> If you use IKEv2 and reauth=no then you may avoid this problem.
>
>
> On Mon, 2012-09-17 at 17:23 -0300, Diego Woitasen wrote:
>> Hi,
>> I'm testing my Strongswan installation and I discovered that I have
>> packet loss on rekeying. I set these values to reproduce the problem:
>>
>> ikelifetime=60s
>> lifetime=30s
>> rekeymargin=20s
>> rekeyfuzz=0%
>>
>> And every time a rekey appears in the log file, some packets are lost
>> (testing with ping -A -c 100 in an infinite loop).
>>
>> I'm using 4.5.2 from Squeeze Backports.
>>
>> I have three questions:
>>
>> 1- Is this normal? Shall I expect some packet loss during the rekey?
>>
>> 2- If not, what can I do to debug this?
>>
>> 3- Is there some code added to the latest version that can help on this
>> issue?
>>
>> Regards,
>> Diego

I tried with reauth=no and I still have packet loss.

--
Diego Woitasen
