Re: [strongSwan] Broken CHILD_SA following IKE_SA re-auth with FortiGate remote

2016-08-29 Thread Tobias Brunner
Hi Tore, > That said, it seems to me that even if we're talking specifically about > reauthentications, strongSwan's default "break before make" > behaviour still violates the standard: > >Reauthentication is done by creating a new IKE SA from scratch (using >IKE_SA_INIT/IKE_AUTH exchange

Re: [strongSwan] Broken CHILD_SA following IKE_SA re-auth with FortiGate remote

2016-08-29 Thread Tore Anderson
Hi again, * Tobias Brunner > > So is strongSwan here intentionally behaving in a non-compliant > > manner simply in order to better interoperate with other > > non-compliant IKEv2 implementations, or is there some other reason > > why "make before break" isn't the default? That is, are there any

[strongSwan] How to define multiple proposals in IKEv1

2016-08-29 Thread Steve Leung
Hello everyone, I'm currently switching from Openswan to Strongswan, and one thing I'm having a problem with is defining multiple proposals in IKEv1 Main Mode. According to wiki.strongswan.org, both ipsec.conf and swanctl.conf are able to define multiple proposals, by using a comma as the separator: For

Re: [strongSwan] Broken CHILD_SA following IKE_SA re-auth with FortiGate remote

2016-08-29 Thread Tobias Brunner
Hi Tore, > There was one thing you mentioned above that gave me some pause though: > > «some heuristics might have to be used to avoid destroying the old SAs > as duplicates» > > Could you elaborate on how this might be a problem? > > If I understand correctly: if make-before-break reauth is be

Re: [strongSwan] How to define multiple proposals in IKEv1

2016-08-29 Thread Tobias Brunner
Hi Steve, > Question 1) Can I define multiple proposals for 'ike' and adding '!' to > restrict Strongswan to accept the defined proposals only? Since the > initiator is not fixed, local Strongswan can be the responder or > initiator depends on different scenario. Yes, adding ! in ipsec.conf will

[strongSwan] Replay window upper limit

2016-08-29 Thread Kapil Adhikesavalu
Hi, What is the upper limit on replay window size? I didn't find any documentation on the upper limit. Is it dependent on hardware? If so, how do I find the limit? After a certain limit, I am having some problem with the IPsec connection. *replay_window = -1 | * The IPsec replay window size for this conne