Hi,
I am using strongswan 4.3.6.
I have configured two peers to establish a tunnel in tunnel mode.
Here is the configuration in ipsec.conf:
config setup
    strictcrlpolicy=no
    crlcheckinterval=180
    plutostart=yes
    charonstart=yes
    nat_traversal=yes
conn %default
    ikelifetime=10m
k
Hi Anand,
> conn %default
>     ikelifetime=10m
>     keylife=5m
>     rekeymargin=3m
Not sure what exactly the problem is but I suspect it might be related
to the times you configured above (at least partially).
Please have a look at the wiki page documenting how rekey times are
calculated [1].
- Original Message -
From: Tobias Brunner
To: anand rao
Cc: "users@lists.strongswan.org"
Sent: Monday, March 19, 2012 9:17 PM
Subject: Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs
Hi Anand,
> conn %default
>     ikelifetime=10m
>     keylife=5m
>
Hi Anand,
> On my environment there is no support for kernel-netlink interface
> for IPsec,
>
> I have to use kernel-pfkey interface only as I have my hooks
> registered in PFKEY to XFRM for IPsec.
>
> I have tried latest versions of strongswan (4.5.1 and 4.5.3) both
> resulted in kernel panic a
the redundant child SA issue on 4.3.6. Please advise me on resolving this
issue.
Thanks,
Anand
- Original Message -
From: Tobias Brunner
To: anand rao
Cc: "users@lists.strongswan.org"
Sent: Tuesday, March 20, 2012 2:25 PM
Subject: Re: [strongSwan] Charon hangs after failing
> issue.
>
> Thanks,
> Anand
>
> - Original Message -
> From: Tobias Brunner
> To: anand rao
> Cc: "users@lists.strongswan.org"
> Sent: Tuesday, March 20, 2012 2:25 PM
> Subject: Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec
> SAs
unner ; "users@lists.strongswan.org"
Sent: Friday, March 23, 2012 7:16 PM
Subject: Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs
Hi Anand,
wrt RFC 4306 Page 22:
If the two ends have the same lifetime policies, it is possible that
both will initiate a re
Hi Anand,
> conn toevm2-psk
>     ...
>     auto=route
The problem is the combination of auto=route and reauth=yes (which is
the default). With reauth=yes the IKE_SA is not rekeyed but
reauthenticated. This means that the IKE_SA is first deleted and then
reestablished. During this (albeit
,
Anand
- Original Message -
From: Tobias Brunner
To: anand rao
Cc: gowrishankar ;
"users@lists.strongswan.org"
Sent: Tuesday, April 10, 2012 3:57 PM
Subject: Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs
Hi Anand,
> conn toevm2-psk
>