Hi, Sorry for the mistake.
Kind regards Noel Am 28.09.20 um 11:52 schrieb Tobias Brunner: > Hi, > >> up-client is called for each combination of remote ts and local ts >> components, as is down-client, when a CHILD_sa is established/destroyed. >> So when a CHILD_SA is rekeyed, both are called in the order the CHILD_SAs >> are negotiated/destroyed. > > The updown script is *not* called for IKE or CHILD_SA rekeyings. > However, if reauthentication is used with IKEv2, the script will be > called as new CHILD_SA are created. A down-event will be called either > before or after the reauthentication and the corresponding up-event > depending on whether make-before-break reauthentication is used by the > client, see [1]. > > By the way, the VICI interface does expose the ike/child-rekey events. > But reauthentication is not handled differently. > > Regards, > Tobias > > [1] https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey >
signature.asc
Description: OpenPGP digital signature
