Will the use of "reauth=no" in strongSwan create any interoperability problems with Cisco IKEv2 IPsec Peers?
On Mon, Dec 4, 2017 at 10:48 AM, Rajiv Kulkarni <[email protected]> wrote:
> Hi
>
> Although mentioned in the wiki that IKEv1 always does reauthentication
> when rekeying IKEv1-SAs...
>
> I still was getting some doubts...Can you please confirm that if i use the
> below config for ipsec (using Strongswan 5.5.x)...the use of "reauth=no" in
> the "conn default" will apply to all IKEv2 connections AND ONLY to IKEv2
> connections
>
> Can you clarify that this option will NOT have any effect on IKEv1
> connections
>
> ======================
> conn %default
>     ikelifetime=3h
>     keylife=1h
>     mobike=no
>     dpddelay=30s
>     dpdtimeout=90s
>     dpdaction=clear
>     fragmentation=yes
>     leftsendcert=always
>     reauth=no
>
> conn tun1_V1
>     left=172.31.32.201
>     right=192.168.0.100
>     ...
>     ...
>     type=tunnel
>     keyexchange=ikev1
>     auto=route
>
> conn tun2_V2
>     left=172.31.32.201
>     right=172.28.28.102
>     ...
>     ...
>     type=tunnel
>     keyexchange=ikev2
>     auto=route
>
> conn tun3_V2
>     left=172.31.32.201
>     right=172.29.1.2
>     ...
>     ...
>     type=tunnel
>     keyexchange=ikev2
>     auto=route
>
> ======================
>
> thanks & regards
> Rajiv
