Hi,
I am looking for a clarification wrt "rekeying SA" in strongswan
implementation. During a rekeying negotiation to a remote peer, if local
node receives "NO_PROPOSAL_CHOSEN" in notify payload as a response to
CREATE_CHILD_SA request, should n't the current IKE SA be destroyed and
created onc
Hi,
> 10[IKE] received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
> 10[IKE] CHILD_SA rekeying failed, trying again in 24 seconds
> Hence, is sending notify payload (no proposal chosen) not treated as
> failure for rekey attempt?
NO_PROPOSAL_CHOSEN usually indicates a permanent error, yes,
Hi Martin,
On Thursday 28 June 2012 01:27 PM, Martin Willi wrote:
> Hi,
>
>>10[IKE] received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
>>10[IKE] CHILD_SA rekeying failed, trying again in 24 seconds
>> Hence, is sending notify payload (no proposal chosen) not treated as
>> failure for re
Hi Martin,
Thought of checking with "keyingtries=1" when NO_PROPOSAL_CHOSEN is in
CREATE_CHILD_SA response.
From charon.log:
[IKE] CHILD_SA tahi_ikev2_test{1} established with SPIs cdee854a_i
e31e56a3_o and TS X:X:X:1::1/128 === Y:Y:Y:1::1/128
..
[KNL] received a XFRM_MSG_EXPIRE
[KNL] crea
