Hi, > Hi Emeric, > >>>> To be more specific: >>>> - what happens exactly if it is enabled only on one side? >>> >>> It only has an effect on the peer that initiates the reauthentication. >>> Enabling it on a host that's always responder has no effect at all. >> >> What happens on strongSwan>=5.3.0 if the peer that has the make-before-break >> option set initiates the reauthentication first? > > I don't understand the question.
Two peers try to renegotiate an IKE SA, they both use strongSwan >=5.3.0 The first peer has the make-before-break authentication enabled The second peer does not have the make-before-break authentication enabled What happens if the first peer initiates first? Regards, Emeric