diff options
author | Tobias Brunner <tobias@strongswan.org> | 2015-12-18 15:23:30 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2016-02-01 11:37:41 +0100 |
commit | 24ab8530e5e6ec209aff5292026b7d1e84d5ccab (patch) | |
tree | 49d552d906b46dc6525ceaee3622f690f5cb729d /conf | |
parent | db57f5702b62adadf4fd28c4c3a8d556a9692713 (diff) | |
download | strongswan-24ab8530e5e6ec209aff5292026b7d1e84d5ccab.tar.bz2 strongswan-24ab8530e5e6ec209aff5292026b7d1e84d5ccab.tar.xz |
ikev1: Always enable charon.reuse_ikesa
With IKEv1 we have to reuse IKE_SAs as otherwise the responder might
detect the new SA as reauthentication and will "adopt" the CHILD_SAs of
the original IKE_SA, while the initiator will not do so. This could
cause CHILD_SA rekeying to fail later.
Fixes #1236.
Diffstat (limited to 'conf')
-rw-r--r-- | conf/options/charon.opt | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/conf/options/charon.opt b/conf/options/charon.opt index 816f3250c..a4e03d4af 100644 --- a/conf/options/charon.opt +++ b/conf/options/charon.opt @@ -283,7 +283,7 @@ charon.retry_initiate_interval = 0 resolution failed), 0 to disable retries. charon.reuse_ikesa = yes - Initiate CHILD_SA within existing IKE_SAs. + Initiate CHILD_SA within existing IKE_SAs (always enabled for IKEv1). charon.routing_table Numerical routing table to install routes to. |