[strongSwan] IKE Rekey is not working with no reauth

ashok kj Mon, 26 May 2014 08:12:20 -0700

Hi,

I am using StrongSwan version 5.1.1 with the following configuration.
Here I have clearly mentioned only rekey should happen at IKE/IPSec


lifetime expiry. IPSec lifetime expiry works as expected but when it
comes to IKE lifetime expiry I could see task activity as IKE_REKEY
and task queued as IKE_DELETE. After which IKE tunnel gets deleted.

Please see the ipsec.conf used

# ipsec.conf - strongSwan IPsec configuration file
config setup
        charondebug="ike 0, chd 2, cfg 2, net 3, enc 2, lib 2, mgr 2, knl 2 dmn 
-1"

conn home
     left=10.206.1.113
     [email protected]
     leftauth=eap-md5
     leftsourceip=%config
     leftfirewall=yes
     ike=3des-sha1-prfsha1-modp1024
     esp=aes128-sha1
     right=10.201.50.1
     rightsubnet=0.0.0.0/0
     rightid=picasso.com
     rightauth=psk
     auto=add
     dpdtimeout=200s
     dpdaction=clear
     ikelifetime=3600
     lifetime=36000
     reauth=no
     rekeymargin=3m
     keyingtries=1
     keyexchange=ikev2

Am I missing anything here so that IKE goes without re-authentication and only 
rekey should happen?

Regards
Ashok

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

[strongSwan] IKE Rekey is not working with no reauth

Reply via email to