'Re: [strongSwan] Strongswan IKEv2 Stack (charon): Are the Tunnels brought automatically down if peer'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       strongswan-users
Subject:    Re: [strongSwan] Strongswan IKEv2 Stack (charon): Are the Tunnels brought automatically down if peer
From:       Sajal Malhotra <sajalmalhotra () gmail ! com>
Date:       2014-11-14 13:54:18
Message-ID: CAA=hGPz_1aNfOzK9=B409FpC9eExOr4LXVsGzcUA1eStWu2TMQ () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]

Hi Martin,

Thanks for your very quick response.
Can you let me know how re-authentication can be enabled? Is this an option
compliant with RFC4306 because i could not find any re-authentication
mechanism there. Or are you referring to RFC 4478?

Also is it supported in strongswan v4.2.8 as well?

BR
Sajal

On Fri, Nov 14, 2014 at 4:48 PM, Martin Willi <martin@strongswan.org> wrote:

> Hi Sajal,
>
> > If a IKEv2 tunnel is already established with a peer, then is this tunnel
> > brought down automatically by strongswan
>
> No, the trust chain is validated during the initial tunnel setup only.
> As reauthentication re-establishes the tunnel (if not disabled), the
> trustchain gets re-evaluated periodically according to your ikelifetime.
>
> Regards
> Martin
>
>

[Attachment #5 (text/html)]

<div dir="ltr">Hi Martin,<div><br></div><div>Thanks for your very quick response.  \
</div><div>Can you let me know how re-authentication can be enabled? Is this an \
option compliant with RFC4306 because i could not find any re-authentication \
mechanism there. Or are you referring to RFC 4478?</div><div><br></div><div>Also is \
it supported in strongswan v4.2.8 as \
well?</div><div><br></div><div>BR</div><div>Sajal</div></div><div \
class="gmail_extra"><br><div class="gmail_quote">On Fri, Nov 14, 2014 at 4:48 PM, \
Martin Willi <span dir="ltr">&lt;<a href="mailto:martin@strongswan.org" \
target="_blank">martin@strongswan.org</a>&gt;</span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex">Hi Sajal,<br> <span class=""><br>
&gt; If a IKEv2 tunnel is already established with a peer, then is this tunnel<br>
&gt; brought down automatically by strongswan<br>
<br>
</span>No, the trust chain is validated during the initial tunnel setup only.<br>
As reauthentication re-establishes the tunnel (if not disabled), the<br>
trustchain gets re-evaluated periodically according to your ikelifetime.<br>
<br>
Regards<br>
<span class="HOEnZb"><font color="#888888">Martin<br>
<br>
</font></span></blockquote></div><br></div>

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

[prev in list] [next in list] [prev in thread] [next in thread] 