Hi Gilles, > charon: 06[KNL] creating rekey job for CHILD_SA ESP/0xzzzzzzzz/yy.yy.yy.yy > charon: 08[IKE] queueing CHILD_REKEY task > ... > charon: 08[ENC] generating CREATE_CHILD_SA request 0 [ N(REKEY_SA) SA No TSi > TSr ] > charon: 08[NET] sending packet: from 192.168.0.230[4500] to > yy.yy.yy.yy[45075] (332 bytes) > ... > charon: 15[NET] received packet: from yy.yy.yy.yy[45075] to > 192.168.0.230[4500] (76 bytes) > charon: 15[ENC] parsed INFORMATIONAL request 2 [ D ] > charon: 15[IKE] received DELETE for IKE_SA IPSec-IKEv2[1] > charon: 15[IKE] deleting IKE_SA IPSec-IKEv2[1] between > 192.168.0.230[hostname]…yy.yy.yy.yy[user@hostname]
Hm, that looks like the other peer doesn't like CHILD_SA rekeyings and just deletes the whole IKE_SA if it receives one. Please check the log on the other end for details. What implementation is running there? Since you are the responder you might want to consider letting the initiator rekey the connection (if it supports that) by setting `rekey=no`. Regards, Tobias _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
