Hi, > I have modified both sides of the VPN with ‘reauth=no’ and the problem > persists.
> Oct 15 19:51:40 CloudOpsVpns charon: 12[IKE] IKE_SA vpn1[23] established > between AAA.AA.AAA.AAA[[email protected]]...BB.BBB.BBB.BBB[host-us-west-1b] > Oct 15 19:51:40 CloudOpsVpns charon: 12[IKE] scheduling rekeying in 9787s > Oct 15 19:51:40 CloudOpsVpns charon: 12[IKE] maximum IKE_SA lifetime 10327s > Oct 15 19:51:40 CloudOpsVpns charon: 12[IKE] installing new virtual IP > 10.100.255.2 > Oct 15 19:51:40 CloudOpsVpns charon: 12[IKE] CHILD_SA vpn1{1} established > with SPIs cb5d4d03_i c25d94db_o and TS 10.100.255.2/32 === 10.0.0.0/28 > Oct 15 19:51:40 CloudOpsVpns charon: 12[IKE] received AUTH_LIFETIME of 3381s, > scheduling reauthentication in 2841s In this log I see a re-authentication procedure. After establishing the IKE_SA, the local host schedules re-authentication because it received an AUTH_LIFETIME notify from the responder. So it looks like re-authentication is still enabled on the peer. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
