Hi Martin, > > > deleting duplicate IKE_SA for peer 'DC=test, DC=testuml, > > OU=Zertifikate, CN=ipsec cert' due to uniqueness policy > > > If I add " uniqueids = no" to the ipsec.conf, it works, but this was > > never necessary in the past. > > This is indeed an issue: ISAKMP reauthentication does not properly migrate > children from the replaced to the new SA. This is required when having a > unique policy. I pushed two changes to [1] fixing this issue. > Let me know if this works for you. > >[1]http://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/ikev1-rekeying >
The patch work for us. Phase 1 rekeying with policy=unique now works without problems. Thanks Gerald _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
