ikev1: Always enable charon.reuse_ikesa

With IKEv1 we have to reuse IKE_SAs as otherwise the responder might detect the new SA as reauthentication and will "adopt" the CHILD_SAs of the original IKE_SA, while the initiator will not do so. This could cause CHILD_SA rekeying to fail later. Fixes #1236.
author: Tobias Brunner <tobias@strongswan.org> 2015-12-18 15:23:30 +0100
committer: Tobias Brunner <tobias@strongswan.org> 2016-02-01 11:37:41 +0100
commit: 24ab8530e5e6ec209aff5292026b7d1e84d5ccab (patch)
tree: 49d552d906b46dc6525ceaee3622f690f5cb729d /conf
parent: db57f5702b62adadf4fd28c4c3a8d556a9692713 (diff)
download: strongswan-24ab8530e5e6ec209aff5292026b7d1e84d5ccab.tar.bz2
strongswan-24ab8530e5e6ec209aff5292026b7d1e84d5ccab.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 816f3250c..a4e03d4af 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -283,7 +283,7 @@ charon.retry_initiate_interval = 0
 	resolution failed), 0 to disable retries.
 
 charon.reuse_ikesa = yes
-	Initiate CHILD_SA within existing IKE_SAs.
+	Initiate CHILD_SA within existing IKE_SAs (always enabled for IKEv1).
 
 charon.routing_table
 	Numerical routing table to install routes to.
author	Tobias Brunner <tobias@strongswan.org>	2015-12-18 15:23:30 +0100
committer	Tobias Brunner <tobias@strongswan.org>	2016-02-01 11:37:41 +0100
commit	24ab8530e5e6ec209aff5292026b7d1e84d5ccab (patch)
tree	49d552d906b46dc6525ceaee3622f690f5cb729d /conf
parent	db57f5702b62adadf4fd28c4c3a8d556a9692713 (diff)
download	strongswan-24ab8530e5e6ec209aff5292026b7d1e84d5ccab.tar.bz2 strongswan-24ab8530e5e6ec209aff5292026b7d1e84d5ccab.tar.xz