On 2013-05-03 10:36, Gerald Richter - ECOS wrote:
> Hi,
>
> during the debugging of IKEv1 rekeying I found out that the old
> IKE_SA gets deleted before the new one is fully established. [...]
> So from my point of view the local deletion of the ike_sa needs to be
> delayed after the new ike_sa is fully established.
>
> Any comments?

Hi,

I can't comment much except that I believe I am seeing the same problem. StrongSwan 5.0.3 with IKEv1 against a Cisco ASA (over which I have no control at all).

I tried setting "uniqueids = no" (as per the previous discussions on the topic) but that doesn't seem to help much.

In the logs this looks like this with "uniqueids = no":
http://pastie.org/pastes/7820117/text?key=rdfidtfi8cogiglommtoq

With "uniqueids = yes":
http://pastie.org/pastes/7820136/text?key=rmcgqev4atibcsjipf5rfw

In both cases I have to do "ipsec up theconnection" to start it again.

Andreas
