Hi Martin,
That should work, but the option actually is named reassign_online. And you can't define strongswan.conf options on a single line, but have to use sections, such as:charon { mem-pool { reassign_online = yes } }
It works. Thanks.
But please be aware that make-before-break re-authentication probably fails nonetheless: As there is no association between the old and new IKE_SA, strongSwan assigns a new reqid for the new CHILD_SA, but the kernel can't handle multiple policies having the same selectors.
You are right. But, break-before-make can interrupt the traffic a few seconds. Does Strongswan uses the IP address specified in the CP payload sent by the client during IKE AUTH exchange ?
Regards. Eric Boudrand _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
