[prev in list] [next in list] [prev in thread] [next in thread]
List: strongswan-users
Subject: Re: [strongSwan] server initiated ipsec rekey
From: Martin Willi <martin () strongswan ! org>
Date: 2013-09-27 6:20:37
Message-ID: 1380262837.2940.8.camel () martin
[Download RAW message or body]
Hi,
> About 15 minutes after init and auth successes, StrongSwan sends
> create_child_sa to rekey the child sa. But the message id is reset to 0
> and neither initiator nor response flag is set. I don't think it is
> right according to standard.
This depends who is initiating the rekeying. If it is initiated by to
original responder (i.e. not the peer that initiated the tunnel), a
message ID of 0 might be correct, and also the initiator/response flag
would be to expect. IKEv2 uses distinct message ID counters for inbound
and outbound exchanges, both starting at 0.
Regards
Martin
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic