Hi Sir,
We are using Strongswan-4.5.3 in our application. Here we are facing an
issue during the CHILD_SA Re-Key.
The messages are given below.
Initiator                                                   Responder
--------------- CREATE_CHILD_SA (CHILD_SA Re-Key) ------------->
--------------- CREATE_CHILD_SA (NO_ADDITIONAL_SAS) ----------->
--------------- INFORMATIONAL (DELETE for IKE) ---------------->
As per RFC 5996, it says as below for the "NO_ADDITIONAL_SAS" notification:
*If the responder rejects the CREATE_CHILD_SA*
*request with a NO_ADDITIONAL_SAS notification, the implementation*
*MUST be capable of instead deleting the old SA and creating a new*
*one.*
Here it says that the CHILD_SA is deleted and created. However, in
Strongswan, it's doing the RE-AUTH of the IKE_SA.
Is this the expected behavior, or is this RFC 5996 case not implemented?
Thanks & Regards,
Murali V
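
Added example, not part of the original message and not strongSwan code: a sketch of the fallback the quoted RFC 5996 text describes, parsing the responder's Notify payload and listing the exchanges an initiator would send next. The function names, the sample reply bytes and the old SPI value are constructed for illustration.

```python
import struct

# IANA "IKEv2 Notify Message Types - Error Types" value
NO_ADDITIONAL_SAS = 35
FIRST_STATUS_TYPE = 16384  # notify types below this are error types

def parse_notify(payload: bytes) -> dict:
    """Parse one IKEv2 Notify payload: generic payload header + notify fields."""
    if len(payload) < 8:
        raise ValueError("Notify payload shorter than its fixed 8-byte part")
    # Next Payload, C/RESERVED, Payload Length, Protocol ID, SPI Size, Type
    _next, _flags, length, proto, spi_size, ntype = struct.unpack(
        "!BBHBBH", payload[:8])
    if length != len(payload) or 8 + spi_size > length:
        raise ValueError("inconsistent Payload Length / SPI Size")
    return {"protocol": proto, "type": ntype,
            "spi": payload[8:8 + spi_size],
            "data": payload[8 + spi_size:],
            "is_error": ntype < FIRST_STATUS_TYPE}

def plan_after_rekey_reply(notify: dict, old_spi: bytes) -> list:
    """Exchanges a hypothetical initiator sends after its rekey is answered.

    For NO_ADDITIONAL_SAS this follows the quoted RFC text: delete the old
    CHILD_SA, then create a new one. The IKE_SA itself is not touched.
    """
    if notify["type"] == NO_ADDITIONAL_SAS:
        return [
            ("INFORMATIONAL", "DELETE protocol=ESP spi=" + old_spi.hex()),
            ("CREATE_CHILD_SA", "new CHILD_SA, no REKEY_SA notify"),
        ]
    return []  # other notify types are outside this sketch

# Constructed sample: a bare NO_ADDITIONAL_SAS notify (Protocol ID 0, no SPI)
SAMPLE_REPLY = struct.pack("!BBHBBH", 0, 0, 8, 0, 0, NO_ADDITIONAL_SAS)
OLD_SPI = bytes.fromhex("c0ffee01")  # constructed SPI of the old CHILD_SA

def demo() -> list:
    return plan_after_rekey_reply(parse_notify(SAMPLE_REPLY), OLD_SPI)

if __name__ == "__main__":
    for exchange, content in demo():
        print(exchange, "->", content)
```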