Bug #464: Incorrect handling of IKE_SA rekeying collision when one of the peers (client) does not detect collision - strongSwan

Bug #464

Incorrect handling of IKE_SA rekeying collision when one of the peers (client) does not detect collision

Added by John Johnson almost 12 years ago. Updated about 9 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Tobias Brunner

Category:

charon

Target version:

5.5.0

Start date:

12.12.2013

Due date:

Estimated time:

Affected version:

5.1.0

Resolution:

Fixed

Description

Hello,
Looks like StrongSwan do not properly handle RFC 5996 (2.8.2).
The part where one of the peers do not detect collision (client in our case).
In that case StrongSwan closes all IKE SAs when got D INFORMATIONAL in rekey.

History

#1 Updated by John F over 11 years ago

I've seen that occurring several times.
In my opinion, it's strongSwan's worst bug. And it hasn't received the attention from developers it deserves.

#2 Updated by Tobias Brunner over 9 years ago

Tracker changed from Issue to Bug
Status changed from New to Assigned
Assignee set to Tobias Brunner
Priority changed from High to Normal
Target version set to 5.5.0

#3 Updated by Tobias Brunner about 9 years ago

Subject changed from IKE SA rekeying collision when one of the peers (client) does not detect collision to Incorrect handling of IKE_SA rekeying collision when one of the peers (client) does not detect collision
Status changed from Assigned to Closed
Resolution set to Fixed

Project

General

Profile