Hi, > The strongSwan responder was having trouble rekeying IKE SAs with > Windows 7 Agile VPN initiator every 3 hours due to "unacceptable traffic > selectors."
According to your log (and your subject), I'd guess it is the other way round: CHILD_SA rekeying fails once an IKE_SA rekeying completed. An IKE_SA rekeying doesn't transfer any traffic selectors, it actually can't fail for this reason. > strongswan-5.0.1 I recently fixed an annoying bug that can affect rekeyings: the virtual IP was not transferred correctly during IKE_SA rekeying. For rekeyed IKE_SAs, the virtual IP is not available anymore, which affects traffic selector derivation/selection if they are "dynamic". Please try the patch at [1], chances are good that it fixes this issue. Only 5.0.1 is affected, 5.0.2 will include the fix. Regards Martin [1]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=43b4c2ea _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
