Hi, > But I think we are violating the following RFC clause here right ?
> failed attempt to create a Child SA SHOULD NOT tear down the IKE SA: > there is no reason to lose the work done to set up the IKE SA. I don't think so. This statement is in the section of creating CHILD_SAs, not rekeying them. Further, it is a SHOULD NOT, not a MUST NOT requirement. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
