I'd say that iOS never closes a CHILD_SA, but rather an IKE_SA or just forgets it or the connection is interrupted because the device goes to sleep. IIRC Windows closes a CHILD_SA if it's not used, expired or needs to be rekeyed. Sometimes a bug in Win10 is encountered and it closes the CHILD_SA because of that. Just client specifics.
On 02.12.2017 17:49, bls s wrote:
>
> I’m using charon-systemd with two different connection types: eap-mschapv2
> (for iOS) and pubkey for use with Windows. The ‘closing CHILD’ log entry IS
> present with pubkey connections as in:
>
>
>
> Dec 1 08:47:34 xunil charon-systemd[708]: closing CHILD_SA ikev2-pubkey{4}
> with SPIs c700f912_i (1201208 bytes) 57fa7898_o (48931713 bytes) and TS
> 0.0.0.0/0 === 10.92.10.2/32
>
>
>
> But there is no such entry with eap-mschapv2.
>
>
>
> Why is it not included with eap-mschapv2?
>
>
>
> Thanks
>
>
>
signature.asc
Description: OpenPGP digital signature
